KYC and PMLA Policy
INTRODUCTION
The Reserve Bank of India (RBI) has issued comprehensive 'Know Your Customer' (KYC) Guidelines to all Non-Banking Financial Companies (NBFCs) in the context of the recommendations made by the Financial Action Task Force (FATF) on Anti Money Laundering (AML) and Combating Financing of Terrorism (CFT). In view of the same, Amros Commercial Private Limited ("Herein after referred as, "the Company" or "Amros") has adopted the said KYC guidelines with suitable modifications depending on the activities undertaken by it.
The Company has formulated this KYC Policy based on RBI's Master Direction- Know Your Customer (KYC) Direction, 2016, dated 25th February 2016, updated as on July 12, 2018. The Company would ensure strict compliance with the Prevention of Money-Laundering (PML) Act, 2002 and the Prevention of Money-Laundering (PML) (Maintenance of Records) Rules, 2005 and RBI's Master Direction-KYC Direction, 2016 and any subsequent amendments/instructions issued by RBI.
We, Amros Commercial Pvt Ltd are registered with RBI as NBFC company carrying of business of NBFC activities shall maintain a record of all the transaction; the nature & value of which has been prescribed under the Prevention of Money Laundering Act. The Company is a non-deposit taking NBFC and, as such, is not exposed to many of the risks that a deposit-taking company is exposed to.
This policy has been approved by the Company's Board of Directors. Any changes to the policy would need the approval of the Board of Directors. The policy would be updated as and when required.
OBJECTIVES, SCOPE AND APPLICATION OF THE POLICY:
- To prevent money laundering or terrorist financing activities;
- To enable the Company to know and understand its Customers and their financial dealings better which in turn help the Company to manage its risks prudently;
- To put in place appropriate controls for detection and reporting of suspicious activities in accordance with applicable laws/laid down procedures;
- To comply with applicable laws and regulatory guidelines;
- To ensure that the concerned staff is adequately trained in KYC/AML/CFT procedures. This KYC Policy should be read in conjunction with related operational guidelines issued from time to time.
Designated Director
The Board has nominated a Designated Director, who will ensure overall compliance with the obligations imposed under Chapter IV of the Prevention of Money Laundering Act and the Rules framed thereunder. The name, designation, and address of the Designated Director have been communicated to the Financial Intelligence Unit, India (FIU-IND). It would be ensured that the Principal Officer, referred to below, would not be nominated as the Designated Director.
Principal Officer
The Board has nominated a senior officer as the Principal Officer, who would be responsible for ensuring compliance, monitoring transactions, and sharing and reporting information to the Financial Intelligence Unit (FIU-IND), as required under the law/regulations. The name, designation, and address of the Principal Officer had been communicated to FIU-IND.
KEY ELEMENTS OF THE POLICY:
The Company is primarily in the business of lending to its customers who are individuals through its app "Loanbaba". Loanbaba is a mobile app that facilitates the provision of personal loans, based on the details provided by the customer in the mobile application form, and through other modes of communication.
This Policy includes the following elements:
- Customer Acceptance Policy (CAP)
- Risk Management
- Customer Identification Procedures (CIP) and Customer Due Diligence (CDD)
- Monitoring of Transactions
- Reliance on third-party due diligence
- Record Keeping
- Introduction of New Technologies
- Training Programme
- Reporting to the Financial Intelligence Unit- India
a) Customer Acceptance Policy ("CAP"):
The Company's CAP lays down the criteria for acceptance of Customers. The guidelines in respect of customer relationship in the Company broadly include the following:
- No account shall be opened by the Company in anonymous or fictitious/benami names.
- Accept customers only after verifying their identity, as per CDD Procedures defined aforesaid, and shall be followed for all the joint account holders (including guarantors) as well, while opening a joint account. No Account shall be opened where the Company is unable to apply appropriate Customer due diligence (CDD) measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer.
- No transaction or account-based relationship is to be undertaken without following the CDD procedure.
- In the event, the Customer is permitted to act on behalf of another person/entity, the Company shall verify that the Customer has the necessary authority to do so by scrutinizing the authorizing document/s.
- The mandatory information to be sought for KYC purposes while opening an account and during the periodic updation shall be as specified by the Policy and as amended or specified from time to time. Any exceptions shall be discussed/informed with the Principal Officer.
- If the customer or the beneficial owner is a PEP, then the same shall be specifically highlighted to the Principal Officer for their approval.
- In addition to the above, other UNSCRs circulated by the Reserve Bank in respect of any other jurisdictions/entities from time to time shall also be taken note of. Implementation of CAP should not become too restrictive and result in denial of services to the general public, especially to those who are financially or socially disadvantaged.
- The Company shall seek only such information from the customer which is relevant to the risk category and is not intrusive. Any other information from the customer should be sought separately with his/her consent and after opening the account.
- United Nations Security Council (UNSC) Lists: If the name of the customer entity/individuals appears on the lists of individuals and entities, suspected of having terrorist links, no account shall be opened by the Company.
b) Risk Management:
As per the KYC policy, for acceptance and identification, the Company's Customers would be categorized based on perceived risk, broadly into three categories – A, B & C. Category A would include High-Risk Customers, Category B would include Medium Risk Customers while Category C would include Low-Risk Customers.
None of the Customers will be exempted from the Company's KYC procedures, irrespective of the status and relationship with the Company or its Promoters. The due diligence to be exercised would depend on the risk categorisation of the customers. Enhanced due diligence will be carried out in respect of customers falling in the medium and high-risk categories.
The Company currently lends to a salaried Indian resident. Broad categorization is based on income, age profile, bank statement health, credit bureau report, and other obligations of the customer. Individuals whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, shall be categorized as low risk by the Company. Illustrative examples of a low-risk Customer of the Company would be salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government departments, and Government-owned companies, regulators and statutory bodies, etc. Customers that are likely to pose a higher than average risk to the Company will be categorized as medium or high risk depending on the Customer's background, nature, location of the activity, profile, etc. Examples of customers for which Company may undertake higher due diligence:
- Employees of Trusts, charities, NGOs, and organizations receiving donations;
- PEP;
- PEPs of foreign origin;
- Persons having very Low Social Loan Quotient (SLQ).
c) Customer Identification Procedures ("CIP") and Customer Due Diligence (CDD):
Customer Identification means identifying the Customer and verifying his/her identity by using reliable, independent source documents, data, or information. The Company would obtain sufficient information necessary to verify the identity of each new Customer along with brief details of its employer.
The Company would obtain sufficient identification data to verify the identity of the Customer, his address/location, his employment details, and also his recent photograph. The Company does not provide loans to non-individuals and hence this KYC Policy does not refer to the documentation and KYC Procedures for Customers that are legal persons or entities.
The Company would periodically update the Customer Identification Data after a transaction is entered into. The periodicity of updating of the Customer Identification data would be once in five years in the case of low-risk category customers and once in two years in the case of high and medium risk categories.
Allotment of Unique Customer Identification Code
The Company will allot a Unique Customer Identification Code (UCIC) while entering into new relationships with individual customers, which would help the Company identify its customers, track the facilities availed, holistically monitor financial transactions and enable the Company to have a better approach for risk profiling of customers.
d) Monitoring of Transactions:
The Company shall monitor its lending activities and will pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose.
The Company does not accept any deposits. Most of the Company's loans are small-term based EMI loans across all categories of borrowers. Hence the transactions with the Company will at all times be restricted to the EMI/loan repayable over the tenor of the loan.
e) Reliance on third-party due diligence:
To verify the identity of customers at the time of commencement of a relationship, the Company may rely on customer due diligence done by a third party, subject to the following conditions:
- Necessary information of such customers' due diligence carried out by the third party is immediately obtained by the Company.
- Copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay.
- The third party is regulated, supervised, or monitored for, and has measures in place for compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
- The third party is not based in a country or jurisdiction assessed as high risk.
However, the ultimate responsibility for customer due diligence will be with the Company. The Company would ensure that decision-making functions of determining compliance with KYC norms are not outsourced.
f) Record Keeping:
The Company would adhere to applicable instructions for maintenance, preservation, and reporting of customer account information with reference to the provisions of the PML Act and the Rules made thereunder. The Company would:
- maintain all necessary records of transactions between the Company and the customer for at least five years from the date of the transaction;
- preserve the records pertaining to the identification of the customers and their addresses obtained while sanctioning the loan and during the course of a business relationship, for at least five years after the business relationship is ended;
- make available the identification records and transaction data to the competent authorities upon request;
- introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);
- maintain all necessary information in respect of transactions prescribed under PML Rule 3 to permit reconstruction of individual transactions, including the nature, amount, currency, date, and parties to the transaction;
- evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities;
- maintain records of the identity and address of their customer, and records in respect of transactions referred to in Rule 3 of the PML Rules in hard or soft format.
g) Introduction of New Technologies:
Adequate attention would be paid by Company to any money-laundering and financing of terrorism threats that may arise from new or developing technologies. The Company would ensure that appropriate KYC procedures issued from time to time are duly applied before introducing new products/services/technologies.
h) Training Programme:
The Company would put in place an adequate screening mechanism as an integral part of its recruitment/hiring process of personnel to ensure that persons of criminal nature/background do not get access to misuse the financial channel.
The Company would conduct ongoing employee training programs so that members of the staff fully understand the rationale behind the KYC Policy and ensure compliance with the same. Training requirements would have a different focus for front-line staff, compliance staff, and officers/staff dealing with new customers.
i) Reporting to Financial Intelligence Unit – India:
- The Company will furnish the required information as referred to in the PML (Maintenance of Records) Rules, 2005 to the Director, Financial Intelligence Unit-India (FIU-IND).
- In case a Suspicious Transaction Report (STR) is filed, the Company would ensure that the fact of furnishing of STR is kept strictly confidential. It would be ensured that there is no tipping off to the customer at any level.
- The Company would put in place a robust management information system, which would highlight/throw up alerts when the transactions are inconsistent with risk categorization and when there are suspicious transactions.
- Details of accounts resembling any of the individuals/entities in lists as referred under the head "Customer Acceptance Policy" or any other UN Security Council Resolutions (UNSCRs) circulated by RBI would be reported to FIU-IND apart from advising the Ministry of Home Affairs.
The Company will file the Suspicious Transaction Report (STR) to FIU-IND within 7 days of concluding that any transaction, whether cash or non-cash or a series of transactions integrally connected are suspicious.
Indicative list of suspicious transactions/reasons for suspicion:Identity of client
- False identification documents
- Identification documents that could not be verified within a reasonable time
- Accounts opened with names very close to other established business entities
Background of client
- Suspicious background or links with known criminals
Multiple accounts
- A large number of accounts have a common account holder, introducer, or authorized signatory with no rationale
Activity in accounts
- Unusual activity compared with past transactions
Nature of transactions
- Unusual or unjustified complexity
- Involves proceeds of a criminal/illegal activity, regardless of the value involved
- No economic rationale or bonafide purpose
- Frequent purchases of drafts or other negotiable instruments with cash
- Nature of transactions inconsistent with what would be expected from declared business
- Reasonable ground of suspicion that it may involve financing of activities relating to terrorism
Value of transactions
- Value just under the reporting threshold amount in an apparent attempt to avoid reporting
- Value inconsistent with the client's apparent financial standing
Customer Identification Procedure and Documents:
Documents as proof of identity:
- PAN Card
- Passport
- Voter ID
- Driving license
- Aadhaar (UIDAI)
- Identity Card (Subject to NBFC Satisfaction)
- Letter from a recognized public authority or public servant verifying the identity and residence of the customer
Documents as proof of address:
- Aadhaar
- Bank passbook/statement
- Ration card
- Latest Telephone bill
- Latest Electricity Bill
- Letter from any recognized public authority
- Letter from employer (subject to satisfaction of the NBFC)
As per the recent amendment in The Prevention of Money Laundering (PMLA) Act 2002 by the Ministry of Finance, the Company conducts a Video-Based Customer Identification Process (V-CIP) as a means to verify customers electronically. The steps involved include:
- Customer registers on the website or mobile app
- Once approved, an official invites the customer to a video call
- The customer's Aadhaar card is verified through Aadhaar authentication
- The official asks the customer to display their PAN card whose image is captured and authenticated
- The official verifies the customer's real-time location using geo-tagging
- The official matches the customer's image with the image in the PAN card using facial matching
- The official asks the customer questions to ensure it is a live interaction
- The session is concluded and the officer decides whether to accept the customer's video KYC information
- The recorded video interaction is stored for future use
The Company would also obtain the bank statement of the borrower. Additional documents may be called for, if necessary.