Cash Friend Fintech Private Limited (hereinafter referred to as the “Company” or “PayFi”) is a Delhi based Payment Aggregator and is in the business of enabling online payment gateway services for e-commerce businesses.
The Board of Directors of PayFi has adopted this policy framed in accordance with the Reserve Bank of India’s (‘RBI’) Master Direction – Know Your Customer (KYC) Direction, 2016 issued vide RBI notification RBI/DBR/2015-16/18 Master Direction DBR.AML.BC.No.81/14.01.001/2015-16 February 25, 2016 to be followed in all dealings with the borrowers of the Company.
Objective
The objective of the KYC policy is to prevent the Company from being used, intentionally or unintentionally, by criminal elements for money laundering activities. KYC procedures also help the Company to manage its risks prudently by understanding customers and their financial dealings. The Company has framed this policy incorporating the following four key elements:
(i) Customer Identification Procedures
(ii) Customer Acceptance Policy
(iii) Money Laundering – Risk management and
(iv) Monitoring of Transactions
For the purpose of the KYC policy, a ‘Customer’ means a person who is engaged in a financial transaction or activity with the Company and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting.
Customer Identification Procedure (CIP)
The Company shall obtain sufficient information necessary to establish, to its satisfaction, the identity of each customer and the purpose of the intended nature of the business relationship. Company’s CIP shall include:
a. Verification of the identity of any Person transacting with the Company to the extent reasonable and practicable pursuant to and subject to the relevant laws and regulations, and
b. Maintain records of the information used to verify a customer’s identity, including name, address, and other identifying information
List of such information/documents to be obtained from customers for identification and due diligence is provided in Annexure 1.
Unique Customer Identification Code (UCIC)
The Company shall allot Unique CustomerIdentification Code (UCIC) to all their customers while entering any new relationships.
1. Every customer will be allotted a Unique Customer Identification Code in our system at the time of their profile creation for the first time.
2. Our system runs a de-dupe for all new customers against our existing customers in our system based on various KYC information such as PAN/Voter Card No/DOB/Mobile No/etc. to prevent re-entry of the same customer with new profile information.
Customer Acceptance Policy (CAP)
The following Customer Acceptance Policy shall be followed by the Company:
a) No account shall be opened in anonymous or fictitious/benami name(s).
b) No entity/person who is mentioned in the money laundering related banned list published by Government of India, will be accepted as a customer. Refer Annexure 4 for the banned lists. c) The Company may ask for closure of facilities from customers and shall not provide further facilities where it is unable to receive appropriate information commensurate to the perceived risk of money laundering, in line with its internal policies and the requirements of PMLA Act, 2002 and guidelines issued by RBI from time to time.
d) Each account on being setup, shall be assigned a Risk categorisation to reflect the risk of money laundering arising from the relationship. Refer Annexure 2 for guidance.
Money Laundering Risk Management
The Company follows a policy of classification of customers into low, medium and high-ML risk profiles. This risk profile is based on the abovementioned Customer Acceptancy Policy (CAP). An indicative categorization for the guidance of businesses is provided in Annexure 2.
Review of risk categorization of the customer will be done annually
The Internal Auditors shall check and verify the application of KYC procedures on a sample basis as per their Audit program and comment on the lapses if any observed in this regard. The compliance in this regard shall be put up before the Audit Committee of the Board on quarterly intervals.
Monitoring of Transactions
Ongoing monitoring is an essential element of effective KYC procedures. The Company has put in place an appropriate mechanism to identify suspicious Customer transactions that will be periodically verified to ensure ML safeguards. Refer Annexure 3 for guidance.
Record storage & retention
The storage and retention of KYC & AML records as per the extant guidelines are outlined in Annexure 5.
Customer Education
The Company on an ongoing basis educates the staff on the elements of KYC through various digital or face to face training programs, who in-turn educate the customers on the objectives of the KYC program.
Introduction of New Technologies
The Company shall pay special attention to any money laundering threats that may arise from new or developing technologies that might favour anonymity, and take measures, if needed, to prevent its use in money laundering schemes.
Appointment of Principal Officer & Designated Director
Principal Officer & Designated Director shall be located at the Head Office of the Company. Annexure 6 identifies the Company Executives that have been appointed for these roles and their responsibilities. The name, designation, and address of the Principal Officer & the Designated Director shall be communicated to the FIU-IND1.
Reporting to Financial Intelligence Unit India1
Information/reporting with respect to Cash Transactions & Suspicious Transactions as required in terms of the RBI Directions, PMLA and the Rules made thereunder shall be furnished to the Director, FIU-IND, in the prescribed formats and within the prescribed time frame, directly by the Principal Officer. Annexure 7 contains the list of reports to be made to FIU by the Company.
1 The Company currently notes that the requirement to register with the Financial Intelligence Unit – India (FIU-IND) is not applicable to the Company pending its Payment Aggregator license application with the RBI. The Company would proceed with the registration subsequent to the grant of license by the RBI. However, the Company has designated the Nodal officer as the Principal Officer for the limited purpose of overseeing adherence to PMLA guidelines and regulatory correspondence, if any.
Annexure 1: Customer Identity Documents
A copy of the following documents at the minimum is required for each new customer and the same should be authenticated in either of the ways:
(i) Documents digitally captured through the Company’s On-Boarding System – under which the maker checker features replace the manual authentication procedures
(ii) Authentication by an executive from the On-Boarding team if a physical copy of the documents is taken.
| 1. | ID Proof (Signing Authority) | • PAN Card – Details to be updated in the registration form • Passport Copy OR Driving License Copy OR Election card (Self attested required sign & Company stamp on it) |
| 2 | Bank Account (into which you wish to receive the settlements) (Online) | Update the Account Number & IFSC Code in the registration form |
| Bank Account (into which you wish to receive the settlements) (Offline) | In case of Online verification failure or for validation please upload a self-attested copy of the cancelled cheque | |
| 3 | Office Address Proof (Online) | GSTIN details to be entered in the registration Form |
| Office Address Proof (Offline- In case of unavailability of GSTIN – Any One Self Attested Document can be uploaded) | • Own Property – Electricity bill • Rent Property – Rent Agreement copy & Electricity bill • Bank Account – Statement OR Passbook | |
| 4 | Additional Documents | • Individual (No additional documents required) • Sole Proprietor • Partnership/LLP Firm • Public limited / Private Limited • Others (NGO / Government / Education / Society) |
| 5 | Financial Proof | Current Account statements for last 12 months with Bank seal and Bank Logo OR Audited Balance Sheet with P & L Account statements for last 2 years |
| Sole Proprietor: (Any 1 documents) |
| a Registration certificate (in the case of a registered concern) |
| b Certificate/license issued by the Municipal authorities under Shop & Establishment Act |
| c Certificate/registration document issued under GST / Professional Tax authorities. |
Note:
1. All products desired to be sold online should be mentioned in the Registration Certificate. 2. Case of registration proof in regional language, required regional language confirmation letter (or) the same in English on proprietorship letter head.
| Partnership/LLP Firm: |
| a. Certificate of registration (for registered partnership firms only) |
| b. Copy of partnership deed |
| c. Copy of Pan Card of Partnership Firm |
| d. Board resolution applicable in case of LLP only (on letterhead of LLP) a resolution passed in favour of authorized signatory. Note: Date should be in printed format & also the date should be less than 60 days. |
Note:
1. Partnership deed should include all partners’ names and sharing details.
2. All products desired to be sold online, should be mentioned in the partnership deed.
| Public limited / Private Limited: |
| A Memorandum / Articles of Association and Certificate of Incorporation. (1st and Last 3 Pages) |
| B List of Directors details from MCA Website. |
| C Company Pan Card. |
| D Board Resolution |
Note:
1. MOA / AOA: All products desired to be sold online should be mentioned in the MOA/AOA. If not, an amendment of MOA is to be provided.
2. Board Resolution: This has to be signed by a minimum two directors/ company secretary. Whomever names are mentioned in the Board Resolution, shall provide a copy of their PAN Card.
| Others ( NGO / Government / Education / Society ): |
| a Memorandum of Understanding / Certificate of registration (for registered trust only) & Copy of Trust deed or Society Deed / Government Certificate. |
| b List of trustees/member/authorized signatory certified. |
| c Copy of Pan card of Trust. |
| d Trust Resolution |
Updation on Identity Documents for existing customers
For existing customers, their identity documents (KYC documents) shall be updated and authenticated periodically (complying with the requirements of PMLA Act, 2002 and guidelines issued by RBI from time to time):
• For “Low’’ risk category : Once every 2 years
• For ‘’Medium’’ risk: : Once every 1 years
• For “High” Risk: : Once every 6 months
iii Annexure 2: Risk categorization- guideline
The micro and small enterprise owners targeted by the Company are entities of modest means and lie at the bottom of the economic pyramid. The majority of the business for these tiny non-formal sector enterprises is conducted in cash. However, from the perspective of money laundering and terrorist financing, these entities would typically fall in the category of “Low Risk” due to the small aggregate of annual transactions for any entity.
The Company policies and processes are hence tuned to identify if any exceptional customer who demonstrates transactions or behaviours indicative of moderate or high risk related to ML. At the time of accepting a new customer, the ML risk category shall be ‘Low’ (default) unless setup otherwise
Indicative High or Medium categorization of ML risks
Customers that are likely to pose a higher-than-average risk may be categorized as medium or high risk depending on:
a) Customer’s background: Politically Exposed Persons(PEPs) of Indian/ Foreign Origin, customers with close connections with a political party
b) Nature of activity: Speculative businesses (akin to gambling), on-lending/ghost lending, bullion, or jewellery
c) Sources of funds: funded through Trust, charities, NGO’s, and Organization receiving donations, Firms with ‘sleeping partners’
d) Occurrence of Suspicious transactions – see Annexure 3
iv Annexure 3: Review of risk categorisation / Suspicious transactions
Financial activities which are not consistent in scale or nature with the customer’s business should be construed as suspicious transactions.
The Following transactions could be a trigger for review of the customer from AML risk perspective and if an adequate explanation is not found the risk grading may be changed as given below.
Such transactions should be reviewed every month by the Risk Team mentioned in table below and a summary of the same along with the Action Taken Report should be presented to the Audit Committee:
| Alert Indicator | Indicative Rule/ Scenario | Risk Category |
| Large single transaction alert | Greater than Rs 50,000 in a single day | Medium |
| Frequent requests for change of address | 2 or more change of address in a quarter | Medium |
| Multiple accounts under the same name or combination of names | More than 1 account with different customer ids | Medium |
| Large change in business scale | Over 100% growth in business in less than six months | Medium |
| Match with United Nations negative list | Match of customer details with individuals/entities on various UNSCR Lists | High |
| Dealing in counterfeit products | Frequent customer complaints with respect to dealing in counterfeit products | High |
Sometimes the behaviour of the customer may also trigger suspicion about the compliance with AML guidelines. Such occurrences should be reported by the concerned PayFi employee to the Risk Team. Such behaviour includes but is not limited to:
a. A customer who is reluctant to provide the information needed for a mandatory report. b. Any individual or group that coerces/induces or attempts to coerce/induce the Company employee from not filing any compliance report or any other control forms.
c. Wilful negligence / wilful blindness of an employee occurs repeatedly
d. There are reasonable doubts over the real nature of the transactions
e. An account where customer intentionally split the transaction into several smaller amounts to avoid filing of compliance report.
v Annexure 4 – List of Banned Entities/Persons
1. Unlawful Activities (Prevention) (UAPA)
Company shall ensure that in terms of Section 51A of the Unlawful Activities (Prevention) (UAPA) Act, 1967 and amendments thereto, it does not have an account in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC).
In addition to the above, other UNSCRs circulated by the Reserve Bank in respect of any other jurisdictions/ entities from time to time shall also be taken note of.
2. Financial Action Task Force (FATF) list
FATF Statements circulated by Reserve Bank of India from time to time, and publicly available information, for identifying countries, which do not or insufficiently apply the FATF Recommendations, shall be considered. Risks arising from the deficiencies in AML/CFT regime of the jurisdictions included in the FATF Statement shall be considered.
vi Annexure 5: Records Management
To maintain, preserve and report the customer account information, with reference to the provisions of PML Act and Rules, the Company shall:
a) Maintain all necessary records of transactions between the Company and the customer for at least 5 years from the date of transaction.
b) Preserve the records pertaining to the identification of the customers and their addresses obtained while on boarding a customer for at least 5 years after the business relationship is ended.
c) Make available the identification records and transaction data to the competent authorities upon request.
d) The Company shall maintain a record of transactions as prescribed in Rule 3 of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 of the Prevention of Money Laundering Act, 2002 (hereinafter referred to as “Identified Transactions” for the purpose of this policy). Refer link for the list of transactions required to be reported – Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (bareactslive.com).
e) Information to be preserved – The information required to be preserved with respect to the Identified Transactions are the nature of transactions, amount, and the currency in which it was denominated, date of transaction and the parties to the transaction.
f) Periodicity of retention:
a. The records of Identified transactions shall be retained for a minimum period of ten years;
b. The customer identification information and residence identification information including the documentary evidence thereof;
c. All other necessary records pertaining to the transactions that could be produced as evidence for the prosecution of persons involved in criminal activity.
d. The above records shall be maintained either in hard or soft format and shall be made available to the competent authorities upon request.
vii Annexure 6: Principal Officer & Designated Director – Roles
Role Designation Responsibilities
Designated Director
Director and CEO ceo@PayFi.co.in
To ensure overall compliance with the obligations imposed under chapter IV of the PML Act 2002 and rules which include:
• Ensuring maintenance of records
• Ensuring access to information required by the Director, FIU-IND
| Principal Officer | Risk Head Risk@payi.co.in | Ensuring Compliance to • Monitoring of Transactions • Sharing and Reporting information under regulatory guidelines on KYC/AML/CFT |
viii Annexure 7: Reporting to Financial Intelligence Unit India
• The reporting of STR , CTR & CCR information is required to be filled/submitted online on the FINnet Gateway Portal (https://finnet.gov.in/).
