KYC and PMLA Policy


The Reserve Bank of India (RBI) has issued comprehensive ‘Know Your Customer’ (KYC) Guidelines to all Non-Banking Financial Companies (NBFCs) in the context of the recommendations made by the Financial Action Task Force (FATF) on Anti Money Laundering (AML) and Combating Financing of Terrorism (CFT). In view of the same, Amros Commercial Private Limited (“Herein after referred as, “the Company” or “Amros”) has adopted the said KYC guidelines with suitable modifications depending on the activities undertaken by it.

The Company has formulated this KYC Policy based on RBI’s Master Direction- Know Your Customer (KYC) Direction, 2016, dated 25th February 2016, updated as on July 12, 2018. The Company would ensure strict compliance with the Prevention of Money-Laundering (PML) Act, 2002 and the Prevention of Money-Laundering (PML) (Maintenance of Records) Rules, 2005 and RBI’s Master Direction-KYC Direction, 2016 and any subsequent amendments/ instructions issued by RBI.

We, Amros Commercial Pvt Ltd are registered with RBI as NBFC company carrying of business of NBFC activities shall maintain a record of all the transaction; the nature & value of which has been prescribed under the Prevention of Money Laundering Act. The Company is a non-deposit taking NBFC and, as such, is not exposed to many of the risks that a deposit-taking company is exposed to

This policy has been approved by the Company’s Board of Directors. Any changes to the policy would need the approval of the Board of Directors. The policy would be updated as and when required.


  • To prevent money laundering or terrorist financing activities;
  • To enable the Company to know and understand its Customers and their financial dealings better which in turn help the Company to manage its risks prudently;
  • To put in place appropriate controls for detection and reporting of suspicious activities in accordance with applicable laws/laid down procedures;
  • To comply with applicable laws and regulatory guidelines;
  • To ensure that the concerned staff is adequately trained in KYC/AML/CFT procedures. This KYC Policy should be read in conjunction with related operational guidelines issued from time to time.
Designated Director

The Board has nominated a Designated Director, who will ensure overall compliance with the obligations imposed under Chapter IV of the Prevention of Money Laundering Act and the Rules framed thereunder. The name, designation, and address of the Designated Director have been communicated to the Financial Intelligence Unit, India (FIU-IND). It would be ensured that the Principal Officer, referred to below, would not be nominated as the Designated Director.

Principal Officer

The Board has nominated a senior officer as the Principal Officer, who would be responsible for ensuring compliance, monitoring transactions, and sharing and reporting information to the Financial Intelligence Unit (FIU-IND), as required under the law/regulations. The name, designation, and address of the Principal Officer had been communicated to FIU-IND.


The Company is primarily in the business of lending to its customers who are individuals through its app “Loanbaba”. Loanbaba is a mobile app that facilitates the provision of personal loans, based on the details provided by the customer in the mobile application form, and through other modes of communication.

This Policy includes the following elements:

  • Customer Acceptance Policy (CAP)
  • Risk Management
  • Customer Identification Procedures (CIP) and Customer Due Diligence (CDD)
  • Monitoring of Transactions
  • Reliance on third-party due diligence
  • Record Keeping
  • Introduction of New Technologies
  • Training Programme
  • Reporting to the Financial Intelligence Unit- India
a) Customer Acceptance Policy (“CAP”):

The Company’s CAP lays down the criteria for acceptance of Customers. The guidelines in respect of customer relationship in the Company broadly include the following:

  • No account shall be opened by the Company in anonymous or fictitious/benami names.
  • Accept customers only after verifying their identity, as per CDD Procedures defined aforesaid, and shall be followed for all the joint account holders (including guarantors) as well, while opening a joint account. No Account shall be opened where the Company is unable to apply appropriate Customer due diligence (CDD) measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer.
  • No transaction or account-based relationship is to be undertaken without following the CDD procedure.
  • In the event, the Customer is permitted to act on behalf of another person/entity, the Company shall verify that the Customer has the necessary authority to do so by scrutinizing the authorizing document/s.
  • The mandatory information to be sought for KYC purposes while opening an account and during the periodic updation shall be as specified by the Policy and as amended or specified from time to time. Any exceptions shall be discussed / informed with the Principal Officer.
  • If the customer or the beneficial owner is a PEP, then the same shall be specifically highlighted to the Principal Officer for their approval.
  • In addition to the above, other UNSCRs circulated by the Reserve Bank in respect of any other jurisdictions/ entities from time to time shall also be taken note of. Implementation of CAP should not become too restrictive and result in denial of services to the general public, especially to those who are financially or socially disadvantaged.
  • The Company shall seek only such information from the customer which is relevant to the risk category and is not intrusive. Any other information from the customer should be sought separately with his/her consent and after opening the account.
  • United Nations Security Council (UNSC) Lists: If the name of the customer entity/individuals appears on the 2 lists of individuals and entities, suspected of having terrorist links, no account shall be opened by the Company.
b) Risk Management:

As per the KYC policy, for acceptance and identification, the Company’s Customers would be categorized based on perceived risk, broadly into three categories – A, B & C. Category A would include High-Risk Customers, Category B would include Medium Risk Customers while Category C would include Low-Risk Customers.

None of the Customers will be exempted from the Company’s KYC procedures, irrespective of the status and relationship with the Company or its Promoters. The due diligence to be exercised would depend on the risk categorisation of the customers. Enhanced due diligence will be carried out in respect of customers falling in the medium and high-risk categories.

The Company currently lends to a salaried Indian resident. Broad categorization is based on income, age profile, bank statement health, credit bureau report, and other obligations of the customer. Individuals whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, shall be categorized as low risk by the Company. Illustrative examples of a low-risk Customer of the Company would be salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government departments, and Government-owned companies, regulators and statutory bodies, etc. In such cases, the Policy may require that only the basic requirements of verifying the identity and location of the Customer are to be met. Customers that are likely to pose a higher than average risk to the Company will be categorized as medium or high risk depending on the Customer’s background, nature, location of the activity, profile, etc. The Company may apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive ‘due diligence’ for higher risk customers, especially those for whom the sources of funds are not clear. Examples of customers for which Company may undertake higher due diligence is as under:

  • Employees of Trusts, charities, NGOs, and organizations receiving donations,
  • PEP;
  • PEPs of foreign origin,
  • Persons having very Low Social Loan Quotient (SLQ) i.e. SLQ Grade. (SLQ is a proprietary credit rating score developed by the Company)
c) Customer Identification Procedures (“CIP”) and Customer Due Diligence (CDD):

Customer Identification means identifying the Customer and verifying his/her identity by using reliable, independent source documents, data, or information. The Company would obtain sufficient information necessary to verify the identity of each new Customer along with brief details of its employer.

The Company would obtain sufficient identification data to verify the identity of the Customer, his address/location, his employment details, and also his recent photograph. The Company does not provide loans to non-individuals and hence this KYC Policy does not refer to the documentation and KYC Procedures for Customers that are legal persons or entities. As and when the Social Loan would be accessible to non-individuals, applicable KYC Policy for the same would be included herein in terms of the RBI guidelines. The Company would adhere to the customer identification requirements keeping in view the applicable provisions of the PML Act and Rules and as per the directions issued by RBI in this respect.

The Company would periodically update the Customer Identification Data after a transaction is entered into. The periodicity of updating of the Customer Identification data would be once in five years in the case of low-risk category customers and once in two years in the case of high and medium risk categories.

Allotment of Unique Customer Identification Code

The Company will allot a Unique Customer Identification Code (UCIC) while entering into new relationships with individual customers, which would help the Company identify its customers, track the facilities availed, holistically monitor financial transactions and enable the Company to have a better approach for risk profiling of customers.

d) Monitoring of Transactions:

The Company shall monitor its lending activities and will pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose.

The Company does not accept any deposits. Most of the Company’s loans are small-term based EMI loans across all categories of borrowers. Hence the transactions with the Company will at all times be restricted to the EMI/loan repayable over the tenor of the loan. No other transactions whatsoever nature other than the repayment of the loan with interest will be carried out by the Customer with the Company.

e) Reliance on third-party due diligence:

To verify the identity of customers at the time of commencement of a relationship, the Company may rely on customer due diligence done by a third party, subject to the following conditions:

  • Necessary information of such customers’ due diligence carried out by the third party is immediately obtained by the Company.
  • Copies of identification data and other relevant documentation relating to the customer due to diligence requirements shall be made available from the third party upon request without delay.
  • The third party is regulated, supervised, or monitored for, and has measures in place for compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
  • The third party is not based in a country or jurisdiction assessed as high risk.

However, the ultimate responsibility for customer due diligence will be with the Company.

The Company would ensure that decision-making functions of determining compliance with KYC norms are not outsourced.

f) Record Keeping:

The Company would adhere to applicable instructions for maintenance, preservation, and reporting of customer account information with reference to the provisions of the PML Act and the Rules made thereunder. The Company would

  • maintain all necessary records of transactions between the Company and the customer for at least five years from the date of the transaction;
  • preserve the records pertaining to the identification of the customers and their addresses obtained while sanctioning the loan and during the course of a business relationship, for at least five years after the business relationship is ended;
  • make available the identification records and transaction data to the competent authorities upon request;
  • introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);
  • maintain all necessary information in respect of transactions prescribed under PML Rule 3 to permit reconstruction of individual transactions, including the following:
    • the nature of the transactions;
    • the amount of the transaction and the currency in which it was denominated;
    • the date on which the transaction was conducted; and
    • the parties to the transaction.
  • evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities;
  • maintain records of the identity and address of their customer, and records in respect of transactions referred to in Rule 3 of the PML Rules in hard or soft format.
g) Introduction of New Technologies:

Adequate attention would be paid by Company to any money-laundering and financing of terrorism threats that may arise from new or developing technologies. The Company would ensure that appropriate KYC procedures issued from time to time are duly applied before introducing new products/services/technologies.

h) Training Programme:

The Company would put in place an adequate screening mechanism as an integral part of its recruitment/ hiring process of personnel to ensure that persons of criminal nature/ background do not get access to misuse the financial channel.

The Company would conduct ongoing employee training programs so that members of the staff fully understand the rationale behind the KYC Policy and ensure compliance with the same.

Training requirements would have a different focus for front-line staff, compliance staff, and officers/ staff dealing with new customers. The front desk staff would be specially trained to handle issues arising from a lack of customer education.

i) Reporting to Financial Intelligence Unit – India:
  • The Company will furnish the required information as referred to in the PML (Maintenance of Records) Rules, 2005 to the Director, Financial Intelligence Unit-India (FIU-IND).
  • In case a Suspicious Transaction Report (STR) is filed, the Company would ensure that the fact of furnishing of STR is kept strictly confidential. It would be ensured that there is no tipping off to the customer at any level.
  • The Company would put in place a robust management information system, which would highlight/ throw up alerts when the transactions are inconsistent with risk categorization and when there are suspicious transactions.
  • Details of accounts resembling any of the individuals/entities in lists as referred under the head “Customer Acceptance Policy” or any other UN Security Council Resolutions (UNSCRs) circulated by RBI would be reported to FIU-IND apart from advising the Ministry of Home Affairs.

The Company will file the Suspicious Transaction Report (STR) to FIU-IND within 7 days of concluding that any transaction, whether cash or non-cash or a series of transactions integrally connected are suspicious. However, by the regulatory requirements, the Company will not put any restriction on operations in the accounts where an STR has been filed. An indicative list of suspicious transactions/reasons for suspicion is listed below:

Identity of client
  • False identification documents
  • Identification documents that could not be verified within a reasonable time
  • Accounts opened with names very close to other established business entities
Background of client
  • Suspicious background or links with known criminals
Multiple accounts
  • A large number of accounts have a common account holder, introducer, or authorized signatory with no rationale
Activity in accounts
  • Unusual activity compared with past transactions
Nature of transactions
  • Unusual or unjustified complexity
  • Involves proceeds of a criminal / illegal activity, regardless of the value involved
  • No economic rationale or bonafide purpose
  • Frequent purchases of drafts or other negotiable instruments with cash
  • Nature of transactions inconsistent with what would be expected from declared business
  • Reasonable ground of suspicion that it may involve financing of activities relating to terrorism and/or account holder / beneficial owner linked or related to terrorist, a terrorist organization, or those who finance or attempt to finance terrorist activities.
Value of transactions
  • Value just under the reporting threshold amount in an apparent attempt to avoid reporting
  • Value inconsistent with the client’s apparent financial standing
List of Suspicious Transactions –
  • Reluctant to part with information, data, and documents
  • Submission of false documents, the purpose of the loan, and detail of accounts
  • Reluctance to furnish details of the source of funds of an initial contribution
  • Approaching a distant branch away from own address
  • Maintaining multiple accounts without explanation
  • Payment of initial contribution through unrelated third party account
  • Suggesting dubious means for sanction of loan
  • Where transactions do not make economic sense
  • Where doubt about beneficial ownership
  • Encashment of the loan through a fictitious bank account
  • Sale consideration quoted higher or lower than prevailing area prices
  • Request for payment in favour of the third-party with no relation to a transaction
  • Usage of the loan amount for purposes other than stipulated in connivance with vendors, or agent
  • Frequent requests for change of address
  • Overpayment of instalments with a request to refund the overpaid amount
  • Approvals/sanctions from authorities are proved to be fake
  • Overpayment of instalments with a request to refund the overpaid amount
Customer Identification Procedure and Documents that would be obtained from Customers, who are individuals:

1) The Company would obtain the information from an individual borrower, as prescribed by RBI from time to time. The documents may be uploaded by the borrower in pdf/jpg format.

Documents as proof of identity

  • PAN Card
  • Passport
  • Voter ID
  • Driving license
  • Aadhaar (UDIAI)
  • Identity Card (Subject to NBFC Satisfaction)
  • Letter from a recognized public authority or public servant verifying the identity and residence of the customer to the satisfaction of NBFC

Documents as Proof of address

  • Aadhaar
  • Bank passbook/ statement
  • Ration card
  • Latest Telephone bill
  • Latest Electricity Bill
  • Letter from any recognized public authority
  • Letter from employer (subject to satisfaction of the NBFC)

2) As per the recent amendment in The Prevention of Money Laundering (PMLA) Act 2002 by the Ministry of Finance allows several modes of capturing details of customers electronically. The notification states that the government should bring in, Video KYC to capture customer details electronically. Subsequently, RBI has legitimized the Video-Based Customer Identification Process(VCIP) as a means to verify customers, in accordance with the above The Company conducts a video-based customer due diligence process involving digital KYC. The steps involved in the process are listed below

  • Customers of the Company need to register on the website or mobile app of the entity
  • Once a customer’s loan has been approved an official from the Company asks the customer to initiate the video KYC process by inviting the customer to a video call
  • The customer’s Aadhaar card is then verified. This is done through Aadhaar authentication for banks and offline for other entities
  • The official asks the customer to display their PAN card whose image is captured and authenticated
  • The official also verifies the customer’s real-time location using geo-tagging software
  • The official then matches the customer’s image captured on video with the image in the PAN card using facial matching capabilities
  • The official asks the customer three questions to ensure that it is a live interaction
  • The session is concluded and the officer decides whether or not to accept the customer’s video KYC information
  • Finally, the official stores the recorded video interaction for future use

3) The Company would also obtain the bank statement of the borrower.

Additional documents may be called for, if necessary. The Company would advise the customer to make the first payment from a Bank with whom the Customer has completed all KYC requirements.