KNOW YOUR CUSTOMER (KYC)
KNOW YOUR CUSTOMER (KYC), ANTI-MONEY LAUNDERING (AML) AND COUNTERING THE FINANCING OF TERRORISM (CFT) POLICY
Background And Objective
Monedo Financial Services Private Limited (“the Company”), a non-deposit taking, non-systemically important, non-banking financial company in India, regulated by the Reserve Bank of India (“RBI”) offers point of sale loans and personal loans to customers.
The Company has adopted this Know Your Customer and Anti-Money Laundering Policy (“Policy”) to comply with its commitment to follow certain customer identification procedures while undertaking a transaction by establishing a relationship with the Customer, and also monitor their transactions in order to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist and/or criminal activities. This Policy is in accordance withall applicable directions and guidelines issued by the RBI under the Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016 dated February 25, 2016 (“RBI Master Directions”), along with the Prevention of Money-Laundering Act, 2002 (“PMLA”), the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005(“PML Rules”) and the Aadhaar (Authentication) Regulations, 2016, as amended from time to time. Moreover, this Policy also draws on the Financial Action Task Force’s (FATF) recommendations for combating money laundering and preventing terrorist financing.
Applicability
This Policy applies to the Company, its employees [affiliates] operating in India as well as the branches and majority owned subsidiaries of the Company located abroad (if any), in accordance with the provisions of the RBI Master Directions.
Responsibility
For the purpose of this Policy and to comply with the provisions of the relevant regulatory framework, including, the RBI Master Directions, PMLA and the PML Rules (hereinafter referred to as “Applicable Laws”), the Company has empowered MD&CEO, to be the Designated Director under this Policy to ensure overall compliance with the obligations imposed under the Applicable Laws (“Designated Director”).
For the purpose of ensuring compliance with Applicable Laws, monitoring transactions and sharing and reporting information required under Rule 8 of the PML Rules, the Company has nominated senior company officer, to act as the Principal Officer under this Policy (“Principal Officer”)
Review Of Policy
The Policy shall be reviewed as and when required to effect any changes in Applicable Laws and rules and regulations thereunder. Till such review of the Policy, the contents of the Policy shall always be read in tandem/auto-corrected with the changes/modifications which may be advised by the RBI and/ or by any regulators and/ or by the Company from time to time.
Definitions
For the purposes of the Policy:
“Aadhaar number” means an identification number as defined under the Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016.
“CKYCR” means the Central KYC Records Registry, an entity to receive, store, safeguard and retrieve the KYC records in digital form of a customer.
“Customer” means:
Any person or entity that is engaged/ proposes to engage in financial transaction with the Company; or
Any person on whose behalf the person who is engaged in the financial transaction is made or proposed to be made.
All Customers shall be non-face-to-face customers, i.e. customers who open accounts without visiting the branch/offices of the Company or meeting the officials of the Company.
“OTP” means One-Time Password.
“OTP based authentication” means the authentication type wherein an OTP created with limited time validity, is sent to the mobile number and/ or e-mail address of the Aadhaar number holder (viz. potential customer) who then provides this OTP along his with Aadhaar number during authentication and the same is matched with the OTP generated by UIDAI.
“Offline Verification”, as defined in the Aadhaar and Other Law (Amendment) Ordinance, 2019, means the process of verifying the identity of the Aadhaar number holder without authentication, through such offline modes as may be specified by the Aadhaar regulations.
“Officially Valid Document/ OVD” OVD is defined to mean any one of the following: the passport, the driving license, proof of possession of Aadhaar number, the Voter’s Identity Card issued by Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government, letter issued by the National Population Register containing details of name and address.
Provided that,
- where the customer submits his proof of possession of Aadhaar number as an OVD, he may submit it in such form as are issued by the Unique Identification Authority of India.
- where the OVD furnished by the customer does not have updated address, the following documents shall be deemed to be OVDs for the limited purpose of proof of address: –
- utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill);
- property or Municipal tax receipt;
iii. pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
- letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and licence agreements with such employers allotting official accommodation;
- the customer shall submit OVD with current address within a period of three months of submitting the documents specified at ‘b’ above
- where the OVD presented by a foreign national does not contain the details of address, in such case the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address.
Explanation: For the purpose of this clause, a document shall be deemed to be an OVD even if there is a change in the name subsequent to its issuance provided it is supported by a marriage certificate issued by the State Government or Gazette notification, indicating such a change of name.
“Certified Copy of OVD” – Obtaining a certified copy by the Company shall mean comparing the copy of officially valid document so produced by the customer with the original and recording the same on the copy by the authorised officer of the Company.
“Politically Exposed Persons/ PEPs” means individuals who are or have been entrusted with prominent public functions in a foreign country, e.g., Heads of States/Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc.
“Suspicious Transaction” means a transaction which, to a person acting in good faith (a) gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime; or (b) appears to be made in circumstances of unusual or unjustified complexity; or (c) appears to have no economic rationale or bonafide purpose or (d) gives rise to a reasonable ground of suspicion that it may involve financing of activities relating to terrorism.
“UIDAI” means the Unique Identification Authority of India.
Customer Identification Procedure
The Company shall undertake identification of its Customers during the following stages:
Commencement of an account-based relationship with the Customer.
When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.
Selling third party products as agents, selling their own products, payment of dues of credit cards/sale and any other product for more than Rs.50,000.
When the Company has reason to believe that a customer is intentionally structuring a transaction into a series of transactions below the threshold of Rs. 50,000.
While undertaking customer identification, the Company shall be mindful that decision-making functions of determining compliance with KYC norms shall not be outsourced by the Company.
Customer Acceptance Procedure
The Company shall ensure that:
No account is opened in anonymous or fictitious/benami name.
No account is opened where the Company is unable to apply appropriate customer due diligence measures, either due to non-cooperation of the Customer or non-reliability of the documents/information furnished by the Customer.
No transaction or Customer relationship is undertaken without following the customer due diligence procedure.
The mandatory information to be sought for KYC purpose while opening an account and during the periodic updates, is specified.
‘Optional’/additional information, is obtained with the explicit consent of the Customer after the account is opened.
Customer due diligence procedure is followed for all the joint account holders, while opening a joint account.
Circumstances in which, a Customer is permitted to act on behalf of another person/entity, is clearly spelt out.
Suitable system is put in place to ensure that the identity of the Customer does not match with any person or entity, whose name appears in the sanctions lists circulated by RBI.
The Company shall also build in necessary safeguards to avoid harassment to the Customer. For instance, a decision to close the account shall be taken only after giving due notice to the Customer explaining the reasons for the decision. Any instance of denying the Company’s services to potential Customers in case of non-fulfilment of KYC compliance must be recorded in writing.
Information collected from the Customer for the purpose of opening of account shall be kept confidential and the Company shall not divulge any details thereof for cross selling or any other purposes. Information sought from the Customer shall be relevant to the perceived risk, shall not be intrusive, and shall be in conformity with the guidelines issued by RBI from time to time. Any other information sought separately from the Customer for the purpose of providing services shall be with his /her express consent and after opening the account.
Customer Due Diligence (CDD)
For undertaking CDD, the Company shall obtain the following from the customer while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity:
(a) a certified copy of any OVD containing details of his identity and address
(b) one recent photograph
(c) the Permanent Account Number or Form No. 60 as defined in Income-tax Rules, 1962
Provided that, the Company may carry out offline verification of a customer, if he is desirous of undergoing Aadhaar offline verification for identification purpose. In cases where successful authenticattion has been carried out, other OVD and photograph need not be submitted by the customer.
Company shall, where its customer submits his Aadhaar number, ensure such customer to redact or blackout his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required under section 7 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies Benefits and Services) Act.
While obtaining OVDs from the Customer to complete the customer due diligence procedure, it shall be ensured that:
The Customer shall not be required to furnish an additional OVD, if the OVD submitted by the Customer for KYC contains both proof of identity and proof of address.
A Customer shall not be required to furnish separate proof of current address, if it is different from the address recorded in the OVD. In such cases, the Company shall obtain a declaration from the Customer indicating the address to which all correspondence will be made by the Company.
The local address for correspondence, for which their proof of address is not available, shall be verified through ‘positive confirmation’ such as acknowledgment of receipt of letter, telephonic conversation, visits to the place, or the like.
In case it is observed that the address mentioned as per ‘proof of address’ has undergone a change, the Company shall ensure that fresh proof of address is obtained within a period of six months.
In case the person who proposes to open an account does not have an OVD as ‘proof of address’, such person shall provide OVD of the relative (as defined under the Companies Act, 2013) with whom the person is staying, as the ‘proof of address’ as well as obtain a declaration from the relative that the said person is a relative and is staying with him/her.
In case of Politically Exposed Persons (PEPs), the Company shall undertake the following additional compliances:
sufficient information including information about the sources of funds accounts of family members and close relatives should be gathered on the PEP;
the identity of the person should be verified before accepting the PEP as a Customer;
the decision to open an account for a PEP should be taken at a senior level in accordance with the terms of the Policy;
all such accounts would be subjected to enhanced monitoring on an on-going basis;
in the event of an existing Customer subsequently becoming a PEP, senior management’s approval shall be requiredto continue the business relationship;
Where the Company is unable to comply with the customer due diligence requirements, the Company shall not open the customer account, commence business relations or sanction loans.
Risk Management
Each Customeris required to be categorised as (i) low; (ii) medium; and (iii) high risk category, based on the risk perception and assessment of parameters set out below:
Customer’s identity including the ability to confirm identity documents through online/offline or other services offered,
social/financial status,
nature of business activity, and
information about the clients’ business and their location etc.
Given the nature of Customers dealing with the Company, all such Customers are deemed to be categorised under the medium risk category, when in enhanced due diligence shall be optional.
On-going Due Diligence
The Company shall undertake an on-going due diligence of its Customers to ensure that their transactions are consistent with their knowledge about the Customers, Customers’ business, risk profile and the source of funds.
A periodic updation of the KYC records shall be carried out at least once in eight years, subject to the following conditions:
e-KYC process using OTP based authentication, for the purpose of periodic updation shall be allowed provided, while on-boarding, the Customer was subjected to KYC authentication through physical collection of OVDs or through OTP/ biometric based authentication.
The time limits prescribed above would apply from the date of opening of the account/ last verification of KYC.
Fresh photographs shall be obtained from Customer for whom account was opened when they were minor, on their becoming a major.
Sharing Information With CKYCR
The Company shall file the electronic copy of the Customer’s KYC records with CKYCR, in the manner and format specified in the PML Rules.
Record Management
The Company shall maintain logs of the authentication transactions processed by it, but shall not, retain the personal identity information. The logs shall contain the following transaction details, namely:
The Aadhaar number against which authentication is sought;
Specified parameters of authentication request submitted;
Specified parameters received as authentication response;
The record of disclosure of information to the Aadhaar number holder at the time of authentication; and
Record of consent of the Aadhaar number holder for authentication.
The logs of authentication transactions shall be maintained by the Company for a period of 2 (two) years, during which period the Customer shall have the right to access such logs, in accordance with the procedure as may be specified.
Upon expiry of this period of 2 (two) years, the logs shall be archived for a period of 5 (five) years and thereafter, upon expiry of the said period, the logs shall be deleted except those records required to be retained by a court or required to be retained for any pending legal disputes.
The Company shall not share the authentication logs with any person other than the concerned Customer upon his request or for grievance redressal, resolution of disputes or with the UIDAI for audit purposes.
The Company shall comply with all relevant laws, rules and regulations, including but not limited to, the Information Technology Act, 2000 and the Evidence Act, 1872, for storage of these logs.
In addition to the authentication logs specified above, the Company shall also take the following steps in terms of maintenance, preservation and reporting of Customer information:
maintain all necessary records of transactions between the Company and the Customer, both domestic and international, for at least 5 (five) years from the date of transaction;
preserve the records pertaining to the identification of the Customers and their addresses obtained while opening the account and during the course of business relationship, for at least 5 (five) years after the business relationship is ended;
make available the identification records and transaction data to the competent authorities upon request
maintain all necessary information in respect of transactions so as to permit reconstruction of each individual transaction, including information in relation to:
The nature of transactions;
The amount of the transaction and the currency in which it was denominated;
The date on which the transaction was conducted; and
The parties to the transaction.
evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities; and
maintain records of the identity and address of each Customer, and records in respect of transactions in hard or soft format.
The Company shall also maintain the physical copy of updated client records in connection with the identification date, account files and business correspondence with the client, after filing the electronic copy with the CKYCR.
It is the obligation of the Company and specifically, the Designated Director to observe procedure and manner of maintaining information, in compliance with the requirements set out under the Applicable Laws, from time to time.
Reporting Information To The FIU-IND
In the event the Principal Officer arrives at a conclusion that any transaction, or a series of transactions integrally connected are of suspicious nature, he must furnish a Suspicious Transaction Report (“STR”) within 7 working days of the same and must record his reasons for treating any transaction or a series of transactions as suspicious.
The Company shall also report all such attempted transactions in STRs, even if not completed by Customers, irrespective of the amount of the transaction.
The Company is also directed to make STRs if they have reasonable ground to believe that the transaction involve proceeds of crime (irrespective of the amount of transaction).
The Principal Officer will report information relating to suspicious transaction to the Director, FIU-IND as per the terms of the PML Rules, in the prescribed formats as designed and circulated by RBI at the following address:
Director,
FIU-IND,
Financial Intelligence Unit-India,
6th Floor, Hotel Samrat,
Chanakyapuri, New Delhi – 110021
The Principal Officer shall also ensure that it retains a copy of such information for the purposes of official record.
Obligations Under International Agreements
The Company shall ensure that in terms of Section 51A of the Unlawful Activities (Prevention) (UAPA) Act, 1967, it does not have any new or existing account in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC). In addition, other UNSC resolutions circulated by the RBI in respect of any other jurisdictions/ entities from time to time shall also be taken note of.
The two lists are as under:
The “ISIL (Da’esh) & Al-Qaida Sanctions List”, which includes names of individuals and entities associated with the Al-Qaida, available at:
The “1988 Sanctions List”,which consists of individuals (Section A of the consolidated list) and entities (Section B) associated with the Taliban, available at:
Accordingly, details of accounts resembling any of the individuals/entities in the lists shall be reported to FIU-IND apart from advising Ministry of Home Affairs as required under UAPA notification dated August 27, 2009.
Consequences of breach/ default
The Director, FIU-IND is empowered to impose a fine in case of failure to comply with the obligations of maintenance of records, furnishing information and verifying the identity of the Customers. In such case, the amount of fine may vary from Rs. 10,000 to Rs. 1,00,000 for each failure.
In case the Company is found in contravention of any KYC guideline set out by the RBI specifically, it shall be penalised in terms of Section 58G of the RBI Act, 1934.
Given that the regulatory authorities seek to curb the offence of money-laundering wherein it involves any attempt, directly or indirectly, to indulge or knowingly assist or knowingly be a party or be actually involved in any process or activity connected with the proceeds of crime including its concealment, possession, acquisition or use and projecting or claiming it as untainted property, any such concealment or act of disguising the true origins of tainted proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets, is punishable. As such, whoever commits the offence of money-laundering is punishable with rigorous imprisonment for a term which shall not be less than three years but which may extend to seven years and shall also be liable to fine.
In addition, failure to report suspected money laundering (including attempted transactions even if not completed by the Customer, irrespective of the amount of the transaction and/or threshold limit envisaged for predicate offences) may result in comparable fines and terms of imprisonment.
Customer education
For the purpose of the Policy, the Company is required to seek personal and financial information from new and intended Customers at the time they apply for availing the loan facilities. It is likely that any such information, if sought from the intended Customer, may be objected to or questioned by the Customers. To meet such situation it is necessary that the Customers are educated and apprised about the sanctity and objectives of KYC procedures so that the Customers do not feel hesitant or have any reservation while passing on the information to the Company.
For this purpose, the Company shall put in place policies and FAQs to answer any query or questions of the Customers and satisfy them while seeking certain information in furtherance of the Policy.
The hiring of Employees and Employee training
Adequate screening mechanism must be incorporated as an integral part of the Company’s personnel recruitment/hiring, so that people with criminal or questionable background or affiliations do not get recruited.
The Company shall ensure that there is on-going employee training programme so that the members of staff are adequately trained for the purposes of this Policy, specifically in relation to the e-KYC based authentication. The focus of the training shall be different for compliance staff and staff dealing with new customers. Proper staffing of the audit function with persons adequately trained and well-versed in relation to the Policy and Applicable Laws, regulation and related issues shall be ensured.
