close
Ag
ar
wal
Ass
ig
nm
e
n
ts
Anti- Money Laundering
KNOW YOUR CUSTOMER AND ANTI-MONEY LAUNDERING (THE POLICY)
1. Objective
The Know Your Customer and Anti-Money Laundering (the Policy) applies to AGARWAL ASSIGNMENTS PRIVATE LIMITED (hereinafter referred to as ‘AGARWAL or ‘the Company’). This Policy requires the Company and each employee to:
- • Protect the Company from being used for money laundering or funding terrorist activities.
- • Conduct themselves in accordance with the highest ethical standards.
- • Comply with the letter and the spirit of applicable Anti-Money Laundering (AML) Laws, and the Company’s KYC & AML procedures.
- • Be alert to and escalate suspicious activity and not knowingly provide advice or other assistance to individuals who attempt to violate or avoid money-laundering laws, or this Policy;
- • Co-operate with the regulatory authorities and the Financial Intelligence Unit as per the applicable laws.
2. Applicability & Validity of the Policy
The Policy shall be applicable from such date as approved by the Board of Directors. The Board shall review, validate, update, and approve the Policy as applicable from time to time. Any revisions in specific aspects of this Policy may be communicated through mandates issued by the relevant authority and shall become part of this Policy from the date they become effective.
3. Regulatory Reference
RBI vide its circular no. RBI/2015-16/108 DNBR (PD) CC No. 051/03.10.119/2015-16 as duly amended from time to time has instructed all the Non- Banking Finance Company (NBFCs) to adopt the necessary guidelines depending on the activity undertaken by them and ensure that a proper policy framework on ‘Know Your Customer’ and Anti-Money Laundering measures is formulated and put in place with the approval of the Board. Therefore, this Policy is thus being designed in line with Master Direction - Know Your Customer (KYC) Direction, 2016, issued by the RBI, as amended from time to time (“KYC Master Directions”) Prevention of Money Laundering Act -2002, Prevention of Money Laundering (Maintenance of Records) Rules, 2005 and such other regulatory laws as may be applicable.
4. Definitions
For the purpose of KYC Norms, definition of various terms used is as under:
ii. “Act” and “Rules” means the Prevention of Money-Laundering Act, 2002 and the Prevention of Money- Laundering (Maintenance of Records) Rules, 2005, respectively and amendments thereto.
iii. “Authentication” in the context of Aadhaar authentication, means the process as defined under sub-section (c) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.
iv. “Central KYC Records Registry” (CKYCR) means an entity defined under Rule 2(1)(aa) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, to receive, store, safeguard and retrieve the KYC records in digital form of a customer.
v. “Certified Copy” - Obtaining a certified copy by the Company shall mean comparing the copy of the proof of possession of Aadhaar number where offline verification cannot be carried out or officially valid documents produced by the customer with the original and recording the same on the copy by the authorised officer of the RE as per the provisions contained in the Act.
vi. “Counterfeit Currency Transaction means all cash transactions, where forged or counterfeit Indian currency notes have been used as genuine. These cash transactions should also include transactions where forgery of valuable security or documents has taken place.
vii. “Customer” means a person who is engaged in a financial transaction or activity with the Company and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting.
viii. “Digital KYC” means the capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorized officer of the Company as per the provisions contained in the Act.
ix. “Digital Signature” shall have the same meaning as assigned to it in clause (p) of subsection (1) of section (2) of the Information Technology Act, 2000 (21 of 2000).
x. “Equivalent e-document” means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the customer as per rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016.
xi. “Know Your Client (KYC) Identifier” means the unique number or code assigned to a customer by the Central KYC Records Registry.
xii. “KYC Templates” means templates prepared to facilitate collating and reporting the KYC data to the Central KYC Records Registry (CKYCR), for individuals and legal entities, as required by the relevant Rules.
xiii. “Designated Director”- means a person designated by the Board of Directors of the Company to ensure overall compliance with the obligations imposed under chapter IV of the Prevention of Money Laundering Act (PMLA) and the Rules thereunder and includes:-
a) The Managing Director or a Whole-Time Director duly authorized by the Board of Directors,
b) The name, designation and address of the Designated Director shall be communicated to the Financial Intelligence Unit-India (FIU-IND).
c) A person of senior management official designated by the Company as “Designated Director” to ensure compliance with the obligations under the Prevention of Money Laundering (Amendment) Act, 2012. However, in no case, the Principal Officer should be nominated as the "Designated Director".
xiv. “Offline verification” shall have the same meaning as assigned to it in clause (pa) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016).
xv. “Officially Valid Document” (OVD) means the passport, the driving license, proof of possession of Aadhaar number, the Voter's Identity Card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address.
xvi. “Politically Exposed Persons” (PEPs) are individuals who are or have been entrusted with prominent public functions by a foreign country, including the Heads of States/Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials.
xvii. Principal Officer (PO) An official designated by the Board of Directors of the Company for overseeing and managing the KYC& AML policies and processes.
The PO will be responsible for ensuring compliance, monitoring transactions, and sharing and reporting information as required under the law/regulations.
The name, designation and address of the Principal Officer shall be communicated to the Financial Intelligence Unit-India FIU-IND.
xviii. “Senior Management” - for the purpose of KYC compliance shall include members of the Management Committee, Designated Director, Head of Compliance, Principal Officer (PO) and his supervisor.
xix. “Suspicious transaction” means a “transaction” as defined below, including an attempted transaction, whether or not made in cash, which, to a person acting in good faith:
gives rise to a reasonable ground of suspicion that it may involve proceeds of an offence specified in the Schedule to the Act, regardless of the value involved; or
appears to be made in circumstances of unusual or unjustified complexity; or
appears to not have economic rationale or bona-fide purpose; or
gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.
xx. “Video based Customer Identification Process (V-CIP)”: a method of customer identification by an official of the Company by undertaking seamless, secure, real-time, consent-based audio- visual interaction with the customer to obtain identification information including the documents required for CDD purpose, and to ascertain the veracity of the information furnished by the customer.
5. Money Laundering and Terrorist Financing Risk Assessment by the Company:
ii. The assessment process shall consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied. While preparing the internal risk assessment, the Company shall take cognizance of the overall sector-specific vulnerabilities, if any, that the regulator/supervisor may share with the Company from time to time.
iii. The risk assessment by the Company shall be properly documented and be proportionate to the nature, size, geographical presence, complexity of activities/structure, etc. of the Company. iv. The outcome of the exercise shall be put up to the Board or any committee of the Board to which power in this regard has been delegated and should be available to competent authorities and self-regulating bodies.
6. The Company shall apply a Risk Based Approach (RBA) for mitigation and management of the identified risk and should have Board approved policies, controls and procedures in this regard. Further, the Company shall monitor the implementation of the controls and enhance them If necessary.
Customer Acceptance Policy
In line with the Reserve Bank of India (RBI) Directions, the Prevention of Money Laundering Act (PMLA) and the Rules thereunder, the Company has formulated Customer Acceptance Policy (CAP) which lays down the broad criteria for acceptance of customers.
The features of the Customer Acceptance Policy (CAP) are detailed below:
ii. No account is opened where the Company is unable to apply appropriate due diligence measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer.
iii. No transaction or account-based relationship shall be undertaken without following the due diligence procedure.
iv. The mandatory information to be sought for KYC purpose while opening an account and during the periodic updation shall be specified.
v. ‘Optional’/additional information, is obtained with the explicit consent of the customer after the account is opened.
vi. The Company shall ensure that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations, etc. For this purpose, the Company shall maintain lists of individuals or entities issued by Reserve Bank of India (RBI), United Nations Security Council, other regulatory & enforcement agencies, internal lists as the Company may decide from time to time. Full details of accounts/ customers bearing resemblance with any of the individuals/ entities in the list shall be treated as suspicious and reported.
vii. Adequate due diligence is a fundamental requirement for establishing the identity of the customer. Identity generally means a set of attributes which together uniquely identify a natural person or legal entity. In order to avoid fictitious and fraudulent applications of the customers, and to achieve a reasonable degree of satisfaction as to the identity of the customer, the Company shall conduct appropriate due diligence.
viii. The Company may rely on third party verification subject to the conditions prescribed by Reserve Bank of India (RBI) in this regard.
ix. The purpose of commencing the relationship/opening of accounts shall be established and the beneficiary of the relationship/account shall also be identified.
x. The information collected from the customer shall be kept confidential.
xi. Where the Company is unable to apply appropriate KYC measures due to non-furnishing of information and /or non-cooperation by the customer, the Company may consider closing the account or terminating the business relationship. However, the decision to close an existing account shall be taken at a reasonably senior level, after giving due notice to the customer explaining the reasons for such a decision.
xii. Where an equivalent e-document is obtained from the customer, the Company shall verify the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000).
The Company may undertake live V-CIP, to be carried out by an official of the Company, for establishment of an account-based relationship with an individual customer, after obtaining his informed consent:
ii) Live location of the customer (Geotagging) shall be captured to ensure that customer is physically present in India.
iii) The official shall ensure that photograph of the customer in the Aadhaar/PAN details matches with the customer undertaking the V-CIP and the identification details in Aadhaar/PAN shall match with the details provided by the customer.
iv) The official shall ensure that the sequence and/or type of questions during video interactions are varied in order to establish that the interactions are real-time and not pre-recorded.
v) In case of offline verification of Aadhaar using XML file or Aadhaar Secure QR Code, it shall be ensured that the XML file or QR code generation date is not older than 3 working days from the date of carrying out V-CIP.
vi) All accounts opened through V-CIP shall be made operational only after being subject to concurrent audit, to ensure the integrity of process.
vii) The Company shall ensure that the process is a seamless, real-time, secured, end-to-end encrypted audio- visual interaction with the customer and the quality of the communication is adequate to allow identification of the customer beyond doubt. The Company shall carry out the liveliness check in order to guard against spoofing and such other fraudulent manipulations.
viii) To ensure security, robustness and end to end encryption, the Company shall carry out software and security audit and validation of the V-CIP application before rolling it out.
ix) The activity log along with the credentials of the official performing the V-CIP shall be preserved and
x) The Company shall ensure that the video recording is stored in a safe and secure manner and bears the date and time stamp.
xi) The Company shall ensure to redact or blackout the Aadhar Number obtained from the client.
7. Risk Management
For Risk Management, the Company shall have a risk-based approach which includes the following:
ii. Broad principles may be laid down by the Company for risk-categorisation of customers.
iii. Risk categorisation shall be undertaken based on parameters such as customer’s identity, social/financial status, nature of business activity, and information about the customer’s business and their location, geographical risk covering customers as well as transactions, type of products/services offered, delivery channel used for delivery of products/services, types of transaction undertaken – cash, cheque/monetary instruments, wire transfers, forex transactions, etc. While considering customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in.
iv. The risk categorisation of a customer and the specific reasons for such categorisation shall be kept confidential and shall not be revealed to the customer to avoid tipping off the customer.
8. List of Customer Identification Documents
Following documents are collected for customer identification and address verification:
2. Second (secondary) KYC document:
• Voter ID issued by Election Commission
• Ration Card (only if the borrower name is mentioned on the ration card)
• Driver License (Not expired)
• PAN Card or Form 60
• Job card issued to the borrower by the state government under MNREGA
• Nationalized Banks passbook with Photo ID.
• Utility Bill – Electricity (not more than 2 months old)
9. Customer Identification Procedures
The Company shall undertake identification of customers in the following cases:
ii. When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.
iii. Selling their own products, selling third party products as agents and any other product for more than Rs. 50,000/-.
iv. Carrying out transactions for a non-account-based customer (walk-in customer).
v. The Company shall obtain satisfactory evidence of the identity of the customer depending upon the perceived risks at the time of commencement of relationship/ opening of account. Such evidences shall be substantiated by reliable independent documents, data or information or other means like physical verification etc.
vi. The Company shall obtain and verify Permanent account number (PAN) of customers as per the applicable provisions of Income Tax Rule 114B. Form 60 shall be obtained from persons who do not have PAN.
vii. The documents to be accepted by the Company for customer identification shall be based on the regulatory prescriptions from time to time and shall be finalized after approval from Operations Head.
viii. Decision-making functions of determining compliance with KYC norms shall not be outsourced. ix. The customers shall not be required to furnish an additional Officially valid document (OVD), if the Officially valid document (OVD) submitted for KYC contains proof of identity as well as proof of address.
x. The customers shall not be required to furnish separate proof of address for permanent and current addresses, if these are different. In case the proof of address furnished by the customer is the address where the customer is currently residing, a declaration shall be taken from the customer about her/ his local address on which all correspondence shall be made by the Company.
xi. The local address for correspondence, for which their proof of address is not available, shall be verified through ‘positive confirmation’ such as cheque books, ATM cards, telephonic conversation, positive address verification etc.
xii. In case of change in the address mentioned on the ‘proof of address’, fresh proof of address should be obtained within a period of 6 months.
10. Customer Due Diligence (CDD) Procedure
1. The Company shall obtain the following documents from an individual while establishing an account based relationship:
ii) one recent photograph; and
iii) such other documents pertaining to the nature of business or financial status specified by the Company.
Further, the Company shall carry out authentication of the Customer’s Aadhar Number using e-KYC authentication facilities provided by the Unique Identification Authority of India. Moreover, where the customer has submitted an equivalent e document of any Officially valid document (OVD), the Company shall verify the digital signature as per the provisions of the Information Technology Act, 2000 and rules made thereunder and take a live photo as specified in Reserve Bank Of India (RBI) Circular.
2. The information collected from customers for the purpose of opening of account shall be treated as confidential and details thereof shall not be divulged for the purpose of cross selling, or for any other purpose without the express permission of the customer.
3. A copy of the marriage certificate issued by the State Government or Gazette notification indicating change in name together with a certified copy of the ‘officially valid document’ in the existing name of the person shall be obtained for proof of address and identity, while establishing an account-based relationship or while undertaking periodic updation exercise in cases of persons who change their names on account of marriage or otherwise.
4. If an existing KYC compliant customer of the Company desires to open another account with it, there shall be no need for a fresh CDD exercise provided there is no change in details last provided under the Company’s KYC norms.
Where the Company is suspicious of money laundering or terrorist financing, and it reasonably believes that performing the CDD process will tip-off the customer, it shall not pursue the CDD process, and instead file an STR (Suspicious Transaction Report)..
Prohibited List of Individuals/Entities:
The Company shall ensure that in terms of Section 51A of Unlawful Activities (Prevention) (UAPA) Act, 1967 and amendments thereto, any of the existing or new customers are not in the prohibited list of individuals and entities which are periodically prescribed by local regulator from time to time. Compliance monitoring of such individuals / entities are done periodically be screening them against the below lists provided under RBI Directions, as amended from time to time:
(i) The “ISIL (Da’esh) & Al-Qaeda Sanctions List: https://scsanctions.un.org/ohz5jen-al-qaida.html(ii) The “Taliban Sanctions-List ”https://scsanctions.un.org/3ppp1 ntaliban.html Pursuant to the above screening, if any of the accounts of customers of individuals or entities are categorised as ‘High-Risk’, then the Company shall follow the enhanced due diligence procedures prescribed under RBI Directions.
11. Digital KYC Process
ii. The access of the Application shall be controlled by the Company and it should be ensured that the same is not used by unauthorized persons. The Application shall be accessed only through login-id and password or Live OTP or Time OTP controlled mechanism given by the Company to its authorized officials. C. The customer, for the purpose of KYC, shall visit the location of the authorized official of the Company or vice- versa. The original Officially valid document (OVD) shall be in possession of the customer.
The Company must ensure that the Live photograph of the customer is taken by the authorized officer and the same photograph is embedded in the Customer Application Form (CAF). Further, the system Application of the RE shall put a water-mark in readable form having CAF number, GPS coordinates, authorized official’s name, unique employee Code (assigned by Company) and Date (DD:MM:YYYY) and time stamp (HH:MM:SS) on the captured live photograph of the customer.
iii. The Application of the Company shall have the feature that only live photograph of the customer is captured and no printed or video-graphed photograph of the customer is captured. The background behind the customer while capturing live photograph should be of white colour and no other person shall come into the frame while capturing the live photograph of the customer.
iv. Similarly, the live photograph of the original Officially valid document (OVD) or proof of possession of Aadhaar where offline verification cannot be carried out (placed horizontally), shall be captured vertically from above and water-marking in readable form as mentioned above shall be done. No skew or tilt in the mobile device shall be there while capturing the live photograph of the original documents. The live photograph of the customer and his original documents shall be captured in proper light so that they are clearly readable and identifiable.
v. Once the above-mentioned process is completed, a One Time Password (OTP) message containing the text that ‘Please verify the details filled in form before sharing OTP’ shall be sent to customer’s own mobile number. Upon successful validation of the OTP, it will be treated as customer signature on CAF. However, if the customer does not have his/her own mobile number, then mobile number of his/her family/relatives/known persons may be used for this purpose and be clearly mentioned in CAF. In any case, the mobile number of authorized officer of the Company shall not be used for customer signature.
vi. The authorized officer shall provide a declaration about the capturing of the live photograph of customer and the original document. For this purpose, the authorized official shall be verified with One Time Password (OTP) which will be sent to his mobile number registered with the Company. Upon successful OTP validation, it shall be treated as authorized officer’s signature on the declaration. The live photograph of the authorized official shall also be captured in this authorized officer’s declaration.
vii. The authorized officer of the Company shall check and verify that:- (i) information available in the picture of document is matching with the information entered by authorized officer in CAF. (ii) live photograph of the customer matches with the photo available in the document.; and (iii) all of the necessary details in CAF including mandatory field are filled properly.
viii. On Successful verification, the CAF shall be digitally signed by authorized officer of the Company who will Takea print of CAF, get signatures/thumb-impression of customer at appropriate place, then scan and upload the same in system. Original hard copy may be returned to the customer.
12. Monitoring of Transactions
Ongoing monitoring is an essential element of effective KYC procedures. The Company shall undertake on-going due diligence of customers to ensure that their transactions are consistent with their knowledge about the customers, customers’ business and risk profile; and the source of funds.
13. Reporting to Financial Intelligence Unit – India
a) Cash transaction report (CTR)/Counterfeit Currency Report (CCR) - All such cash transactions where forged or counterfeit Indian currency notes of bank notes have been used as genuine as Counterfeit Currency Report (CCR) for each month shall be submitted to FIU-IND by 15th of the succeeding month. While filing CTR, details of individual transactions below Rupees Fifty Thousand need not be furnished
b) Suspicious Transactions Reporting (STR)- The Company shall endeavor to put in place automated systems for monitoring transactions to identify potentially suspicious activity. Such triggers will be investigated and any suspicious activity will be reported to Financial Intelligence Unit-India (FIU-IND).
The Company shall file the Suspicious Transaction Report (STR) to FIU-IND within 7 days of arriving at a conclusion that any transaction, whether cash or non-cash, or a series of transactions integrally connected are of suspicious nature. However, in accordance with the regulatory requirements, the Company will not put any restriction on operations in the accounts where an STR has been filed.
ii. Confidentiality and Prohibition against disclosing Suspicious Activity Investigations and Reports-
The Company shall maintain utmost confidentiality in investigating suspicious activities and while reporting Counterfeit Currency Report (CCR)/ Suspicious Transactions Report (STR) to the Financial Intelligence Unit-India (FIU-IND)/ higher authorities. However, the Company may share the information pertaining to the customers with the statutory/ regulatory bodies and other organizations such as banks, credit bureaus, income tax authorities, local government authorities etc.
14. Sharing KYC information with Central KYC Records Registry
ii. The Company shall capture the KYC information for sharing with the Central KYC Records Registry (C-KYCR)in the manner as prescribed in the Rules as per the prescribed KYC templates for ‘individuals’ and ‘Legal Entities’ as applicable. Further, the Company shall upload the KYC data pertaining to all types of prescribed accounts with Central KYC Records Registry (CKYCR), as and when required, in terms of the provisions of the Rules.
15. Independent Evaluation
To provide reasonable assurance that its KYC and AML procedures are functioning effectively, an audit of its KYC and AML processes will covered under Internal Audit of the Company. The audit findings and compliance thereof will be put up before the Audit Committee of the Board.
16. Responsibilities of Senior Management
ii. Principal Officer- An official (having knowledge, sufficient independence, authority, time and resources to manage and mitigate the AML risks of the business) shall be designated as the Principal Officer of the Company. The Principal Officer shall be responsible for ensuring compliance, monitoring transactions, and sharing and reporting information as required under the law/ regulations.
iii. Key Responsibilities of the Senior Management
a) Ensuring overall compliance with regulatory guidelines on KYC/ AML issued from time to time and obligations under Act and Rules.
b) Proper implementation of the company’s KYC & AML policy and procedures.
17. Record Management
a) All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security or a document has taken place facilitating the transactions.
b) All suspicious transactions whether or not made in cash. c) Records pertaining to identification of the customer and his/her address; and d) Should allow data to be retrieved easily and quickly whenever required or when requested by the competent authorities.
ii. For maintenance, preservation and reporting of customer account information, with reference to provisions of PML Act and Rules. The Company shall,
a) maintain for at least 5 years from the date of transaction between the Company and the client, both domestic and international.
b) maintain for at least 5 years from the date of transaction between the Company and the client, all necessary records of transactions so as to permit reconstruction of individual transactions, including the following:
(i) the nature of the transactions.
(ii) the amount of the transaction and the currency in which it was denominated.
(iii) the date on which the transaction was conducted, and
(iv) the parties to the transaction.
18. Hiring of Employees, their Training and Education of Customers
ii. The Company shall endeavor to ensure that the staff dealing with / being deployed for KYC/AML/CFT matters have: high integrity and ethical standards, good understanding of extant KYC/AML/CFT standards, effective communication skills and ability to keep up with the changing KYC/AML/CFT landscape, nationally and internationally. The Company shall also strive to develop an environment which fosters open communication and high integrity amongst the staff.
iii. On-going employee training programme shall be put in place so that the members of staff are adequately trained in KYC/AML/CFT policy. The focus of the training shall be different for frontline staff, compliance staff and staff dealing with new customers. The front desk staff shall be specially trained to handle issues arising from lack of customer education. Proper staffing of the audit function with persons adequately trained and well-versed in KYC/AML/CFT policies of the Company, regulation and related issues shall be ensured.
iv. Implementation of KYC Procedures requires the Company to seek information which may be of personal nature or which has hitherto never been called for. This can sometimes lead to a lot of questioning by the customer as to the motive and purpose of collecting such information. To meet such a situation, it is necessary that the customers are educated and apprised about the sanctity and objectives of KYC procedures so that the customers do not feel hesitant or have any reservation while passing on the information to the Company.
19. Secrecy Obligations and Sharing of Information:
(b) Information collected from customers for the purpose of opening of account shall be treated as confidential and details thereof shall not be divulged for the purpose of cross selling, or for any other purpose without the express permission of the customer.
(c) While considering the requests for data/information from Government and other agencies, the Company shall satisfy themselves that the information being sought is not of such a nature as will violate the provisions of the laws relating to secrecy in the transactions.
(d) The exceptions to the said rule shall be as under:
i. Where disclosure is under compulsion of law
ii. Where there is a duty to the public to disclose,
iii. the interest of the Company requires disclosure and
iv. Where the disclosure is made with the express or implied consent of the customer