ANTI- MONEY LAUNDERING (AML) GUIDELINES AND KNOW YOUR CUSTOMER (KYC) PROCEDURES

INTRODUCTION

In accordance with the Master Directions issued (as amended from time to time) by Reserve Bank of India, all Regulated Entities (REs) including Ahalia Money exchange and Financial Services Private Limted is required to put in place appropriate Policy and procedures to comply with the relevant Know Your Customer (KYC ) norms and Customer Due Diligence ( CDD) processes at the time of on boarding the Customer and also during the continued relationship with such Customer which includes monitoring of transactions in terms of the provisions of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, as amended from time to time by the Government of India

Ahalia Money Exchange and Financial Services Private Limited recognizes the importance of the AML programs and commits itself to inculcating a vigilant culture in combating money laundering to the extent applicable to the firm. Accordingly, it puts in place a detailed KYC & AML Policy and procedures hereunder in line with RBI Directions and Prevention of the Money Laundering Act, 2002 /Rules as amended from time to time as well that of the norms put out by the other relevant regulations that is applicable to its business operations, for the time being in force.

OBJECTIVES OF THE POLICY

The Policy seeks to achieve the following objectives.

· To provide a framework for how the company, in its process of conducting business with Customers, will deal with the threat of money laundering and terrorism financing.

· To prevent criminal elements from using Company for Money Laundering and Terrorist Funding activities

· That all the staff are aware and receive training on the Anti Money laundering legislation applicable to them, as well as to adhere to their responsibilities under the regulations

· To put in place an effective system and procedure for Customer identification and verifying its / his / her identity and residential address.

· To enable the Company to know and understand its Customers and their financial dealings better which, in turn, would help the Company to manage risks prudently.

· To put in place appropriate controls for detection and reporting of suspicious activities as envisaged under the Prevention of Money Laundering Act, 2002 and in accordance with laid down procedures.

· To comply with applicable laws and regulatory guidelines

SCOPE OF THE POLICY

This Policy applies to all employees of Ahalia Money Exchange and Financial Services Private Limited and third-party agents engaged by it if any. The Policy seeks to maintain high standards of conduct within the Company and among its agents, if any, by preventing criminal activity through money laundering. The Policy sets out the procedures which must be followed (for example the reporting of suspicions of money laundering activity) to enable the Company to comply with its legal obligations.

The legislation and Regulatory directives places responsibility upon Ahalia Money Exchange and Financial Services Private Limited, its employees to combat money laundering and covers a very wide area of financial transactions, including possessing, or in any way dealing with, or concealing, the proceeds of any crime. It applies to all employees involved with handling monetary transactions. It is a criminal offence to, assist a money launderer, “tip off” a  person suspected to be involved in money laundering that they are suspected or that they are the subject of police investigations, fail to report a suspicion of money laundering and acquire, use, or possess criminal property The legislative requirements concerning anti-money laundering procedures are extensive and complex. This Policy aims to meet the legal requirements proportionate to the intensity of risks that Ahalia Money Exchange and Financial Services Private Limited is exposed to in respect of the businesses/activities.
1The directives issued by the RBI is updated and implemented throughout the entire team of the organization and periodical checks are made as to whether the same is being adhered to or not. Being committed to the highest level of transparency in transactions, we have developed systems and procedures to monitor all the transactions for any suspected money laundering activities.

The manual describes an outlook into the policies and procedures designed by us, keeping in mind the regulations and how the system works in order to curb the activities associated with Anti-money laundering activities, prevention of organized crimes etc.

The manual gives in detail the entire policies and procedures followed by the company as regards the Anti-money laundering compliance, broadly classified under the major heads like Know Your Customer, handling transactions, documentation, monitoring and control, reporting suspicious transactions, Legal position and obligation and guidelines to identify suspicious transactions.

KEY ELEMENTS OF THE POLICY

The objective of this policy is to prevent the Company (AMEFS) from being used, internationally or unintentionally, by criminal elements for money laundering activities. This policy also enables Ahalia Money Exchange & Financial Services Private Limited to know/understand their customers and their financial dealings better which in turn help them to manage their risk prudently.

The policy shall consist of four key elements

a. Customer Acceptance Policy (CAP)

b. Customer Identification Procedures (CIP)

c. Monitoring of Transactions (including Reporting STR, CTR & CCR)

d. Risk Management

CUSTOMER ACCEPTANCE POLICY (CAP)

While taking decision to grant any facilities to the Customers as well as during the continuation of any facilities the following norms and procedures will be followed by the company

• No account will be opened in anonymous or fictitious/benami name.
• Customers will be accepted only after verifying their identity, as laid down in Customer Identification Procedures. Necessary checks will be done before opening a new account to ensure that the identity of the Customer does not match with any person with known criminal background or with banned entities.
• AMEFS will refrain from opening an account where the company is unable to apply appropriate Customer Due Diligence measures either due to non-cooperation of the Customer or non-reliability of the documents/information furnished by the Customer.
• No transaction or account-based relationship shall be undertaken without the Customer Due Diligence. Customer Due Diligence procedures to be followed for all joint account holders while opening joint accounts.
• Suitable system is put in place to ensure that the identity of the Customer does not match with any person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India.
• Where Permanent Account Number (PAN) is obtained, the same shall be verified from the verification facility of the issuing authority.
• Where an equivalent e-document is obtained from the Customer, AMEFS shall verify the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000).
• AMEFS shall ensure to specify the mandatory information which need to be sought for KYC purpose while opening an account and during the periodic updation.
• AMEFS shall ensure that the ‘Optional’/additional information, is obtained with the explicit consent of the Customer after the account is opened.
• Implementation of CAP should not become too restrictive and result in denial of the AMEFS services to public, especially those who are financially or socially disadvantaged.
• The customer profile shall be a confidential document and details contained therein shall not be divulged for cross selling or any other purpose.

CUSTOMER IDENTIFICATION PROCEDURE

Customer Identification involves verification of Customer’s identity by using reliable, independent source documents, data, or information. AMEFS shall obtain enough information necessary to verify the identity of each Customer. A broad guideline for the Customer identification is given below:

• AMEFS shall ensure that Customer identification process is undertaken, whenever,
• An account-based relationship is being established.
• Carrying out any international money transfer operations for a person who is not an account holder.
• There is doubt about the authenticity or adequacy of Customer identification data already obtained.
• Selling third party products as agents, selling their own products, payment of dues of credit cards/sale and reloading of prepaid/travel cards and any other product for more than rupees fifty thousand.
• Carrying out transactions with walk in Customers, where the amount involves equal or exceeds rupees fifty thousand, whether conducted as a single transaction or several transactions that appear to be connected.
• AMEFS has reasons to believe that a Customer is intentionally structuring transactions into a series of transactions below the threshold of Rupees Fifty thousand.
• AMEFS shall also ensure that introduction is not to be sought while opening accounts.

VIDEO BASED CUSTOMER IDENTIFICATION PROCESS (V-CIP)

AMEFS may undertake V-CIP to carry out:-

Customer Due Diligence in case of new customer on-boarding for individual customers, proprietor in case of proprietorship firm, authorized signatories and Beneficial Owners (BOs) in case of Legal Entity (LE) customers.

Provided that in case of Customer Due Diligence of a proprietorship firm, AMEFS shall also obtain the equivalent e-document of the activity proofs with respect to the proprietorship firm, apart from undertaking Customer Due Diligence of the proprietor.

Conversion of existing accounts opened in non-face to face mode using Aadhaar OTP based e-KYC authentication.

Updation/Periodic updation of KYC for eligible customers.

AMEFS opting to undertake V-CIP, shall adhere to the following minimum standards:

(a) V-CIP Infrastructure

The AMEFS should have complied with the RBI guidelines on minimum baseline cyber security and resilience framework for banks, as updated from time to time as well as other general guidelines on IT risks. The technology infrastructure should be housed in own premises of the AMEFS and the V-CIP connection and interaction shall necessarily originate from its own secured network domain. Any technology related outsourcing for the process should be compliant with relevant RBI guidelines.

The AMEFS shall ensure end-to-end encryption of data between customer device and the hosting point of the V-CIP application, as per appropriate encryption standards. The customer consent should be recorded in an auditable and alteration proof manner.

The V-CIP infrastructure / application should be capable of preventing connection from IP addresses outside India or from spoofed IP addresses.

The video recordings should contain the live GPS co-ordinates (geo-tagging) of the customer undertaking the V-CIP and date-time stamp. The quality of the live video in the V-CIP shall be adequate to allow identification of the customer beyond doubt.

The application shall have components with face liveness / spoof detection as well as face matching technology with high degree of accuracy, even though the ultimate responsibility of any customer identification rests with the AMEFS. Appropriate artificial intelligence (AI) technology can be used to ensure that the V-CIP is robust.

Based on experience of detected / attempted / ‘near-miss’ cases of forged identity, the technology infrastructure including application software as well as work flows shall be regularly upgraded. Any detected case of forged identity through V-CIP shall be reported as a cyber event under extant regulatory guidelines.

The V-CIP infrastructure shall undergo necessary tests such as Vulnerability Assessment, Penetration testing and a Security Audit to ensure its robustness and end-to-end encryption capabilities. Any critical gap reported under this process shall be mitigated before rolling out its implementation. Such tests should be conducted by suitably accredited agencies as prescribed by RBI. Such tests should also be carried out periodically in conformance to internal/regulatory guidelines.

The V-CIP application software and relevant APIs / web services shall also undergo appropriate testing of functional, performance, and maintenance strength before being used in live environment. Only after closure of any critical gap found during such tests, the application should be rolled out. Such tests shall also be carried out periodically in conformity with internal/ regulatory guidelines.

(b) V-CIP Procedure

AMEFS shall formulate a clear work flow and standard operating procedure for V-CIP and ensure adherence to it. The V-CIP process shall be operated only by officials of the RE specially trained for this purpose. The official should be capable to carry out liveliness check and detect any other fraudulent manipulation or suspicious conduct of the customer and act upon it.

If there is a disruption in the V-CIP procedure, the same should be aborted and a fresh session initiated.

The sequence and/or type of questions, including those indicating the liveness of the interaction, during video interactions shall be varied in order to establish that the interactions are real-time and not pre-recorded.

Any prompting, observed at end of customer shall lead to rejection of the account opening process.

The fact of the V-CIP customer being an existing or new customer, or if it relates to a case rejected earlier or if the name appearing in some negative list should be factored in at appropriate stage of work flow.

The authorized official of the AMEFS performing the V-CIP shall record audio-video as well as capture photograph of the customer present for identification and obtain the identification information using any one of the following:

1. OTP based Aadhaar e-KYC authentication
2. Offline Verification of Aadhaar for identification
3. KYC records downloaded from CKYCR using the KYC identifier provided by the customer
4. Equivalent e-document of Officially Valid Documents (OVDs) including documents issued through Digi locker

AMEFS shall ensure to redact or blackout the Aadhaar number.

In case of offline verification of Aadhaar using XML file or Aadhaar Secure QR Code, it shall be ensured that the XML file or QR code generation date is not older than 3 days from the date of carrying out V-CIP.

Further, in line with the prescribed period of three days for usage of Aadhaar XML file / Aadhaar QR code, AMEFS shall ensure that the video process of the V-CIP is undertaken within three days of downloading / obtaining the identification information through CKYCR / Aadhaar authentication / equivalent e-document, if in the rare cases, the entire process cannot be completed at one go or seamlessly. However, AMEFS shall ensure that no incremental risk is added due to this.

If the address of the customer is different from that indicated in the OVD, suitable records of the current address shall be captured, as per the existing requirement. It shall be ensured that the economic and financial profile/information submitted by the customer is also confirmed from the customer undertaking the V-CIP in a suitable manner.

AMEFS shall capture a clear image of PAN card to be displayed by the customer during the process, except in cases where e-PAN is provided by the customer. The PAN details shall be verified from the database of the issuing authority including through Digi locker.

Use of printed copy of equivalent e-document including e-PAN is not valid for the V-CIP.

The authorised official of the AMEFS shall ensure that photograph of the customer in the Aadhaar/OVD and PAN/e-PAN matches with the customer undertaking the V-CIP and the identification details in Aadhaar/OVD and PAN/e-PAN shall match with the details provided by the customer.

Assisted V-CIP shall be permissible when banks take help of Banking Correspondents (BCs) facilitating the process only at the customer end. Banks shall maintain the details of the BC assisting the customer, where services of BCs are utilized. The ultimate responsibility for customer due diligence will be with the bank.

All accounts opened through V-CIP shall be made operational only after being subject to concurrent audit, to ensure the integrity of process and its acceptability of the outcome.

All matters not specified under the paragraph but required under other statutes such as the Information Technology (IT) Act shall be appropriately complied with by the AMEFS.

(c) V-CIP Records and Data Management

The entire data and recordings of V-CIP shall be stored in a system / systems located in India. AMEFS shall ensure that the video recording is stored in a safe and secure manner and bears the date and time stamp that affords easy historical data search. The extant instructions on record management, as stipulated in this MD, shall also be applicable for V-CIP.

The activity log along with the credentials of the official performing the V-CIP shall be preserved.