KYC AND PMLA POLICY

All Non-Banking Financial Companies (NBFCs) must adhere to the Reserve Bank of India's (RBI) comprehensive "Know Your Customer" (KYC) guidelines, which are in line with the Financial Action Task Force's (FATF) recommendations, Anti Money Laundering (AML) standards, and Combating Financing of Terrorism (CFT) policies. Following these recommendations, AFSL has put in place KYC procedures that are tailored to its business needs. The company has diligently created a framework of policies for AML and KYC procedures, making sure that it complies with RBI regulations and getting board of directors approval.

Creditr has therefore created the Know Your Client and Prevention of Money Laundering Policy (hence referred to as the "Policy"), the specifics of which are contained in this document.

BACKGROUND AND OBJECTIVE

The act of hiding or masking the source and ownership of revenues obtained through illegal operations, including drug trafficking, organized crime, fraud, terrorism, public corruption, and human trafficking, is known as money laundering. On the other side, spending money—obtained lawfully or illegally—to assist terrorist actions is known as terrorist funding. In the context of Creditr, a wide range of financial services, transactions, and products, including as investment and lending goods, may be included in the definitions of money laundering and terrorism funding. Furthermore, funding might also cover tools and other resources that might be used to support terrorism and other illegal activity.

Typically, the money laundering process encompasses three stages: placement, layering, and integration. As illegal funds progress from the placement stage to integration, they become progressively more challenging to identify and trace back to their illicit source.

  1. Placement marks the initial entry point of illegal funds into the financial system. 

  2. Layering involves the creation of intricate layers within the financial system. This is achieved by opening and closing accounts, engaging in the buying and selling of various financial products, and transferring funds across different financial institutions and international borders. The objective for the criminal is to establish multiple layers of transactions, complicating the tracing of the funds' illegal origin.

  3. Integration takes place when the criminal assesses that a sufficient number of layers have been established to conceal the origin of the illegal funds effectively. At this stage, the funds are considered safe for investment or for utilization in acquiring valuable assets within the legitimate economy.


To combat money laundering and deal with the seizure of assets connected to such activities, the Indian Parliament passed the Prevention of Money Laundering Act, 2002 (PMLA). Over time, changes have been made to the Act. In addition, the necessary Notifications and Rules under this Act have been issued and updated by the Government of India's Ministry of Finance.

“Whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with the proceeds of crime and projecting it as untainted property shall be guilty of the offense of money-laundering. “Proceeds of crime” means any property derived or obtained, directly or indirectly, by any person as a result of criminal activity relating to scheduled offense or the value of any such property.”

The Prevention of Money Laundering Act (PMLA) defines money laundering as a criminal offense and empowers authorities to freeze, seize, and confiscate the proceeds of crime derived from various predicate offenses, including drug trafficking, corruption, and terrorism. The Enforcement Directorate (ED) plays a crucial role in investigating these offenses and recovering illegally obtained assets.

Considering the above mentioned factors, the Company's KYC-PML policy has been formulated with the following objectives:

1. Deterrence of the Company's exploitation for money laundering endeavors by criminal entities.

2. Enhancement of the Company's understanding of its customers and their financial transactions, facilitating prudent risk management.

3. Establishment of effective controls for the identification and reporting of suspicious activities, in accordance with relevant laws and established procedures.

4. Adherence to applicable laws and regulatory directives.

5. Assurance of adequate training for the staff involved in KYC/AML/CFT procedures.

APPLICABILITY

This policy is applicable to all branches and offices of the Company and should be considered in conjunction with relevant operational guidelines issued periodically.

Branches/Offices outside India : 

In the event that the Company operates branches or offices outside India, this KYC-PML Policy applies to those located abroad, except where it contradicts local laws in the host country. However, the following conditions apply:

1. If local laws prevent the implementation of these guidelines, such instances must be reported to the Reserve Bank of India.

2. In cases where there is a disparity between the KYC/AML standards set by the Reserve Bank of India and the regulatory authorities in the host country, the branches/offices of the Company must adhere to the more stringent regulation of the two.

CUSTOMER ACCEPTANCE POLICIES

Creditr's Customer Acceptance Policy outlines clear guidelines for accepting customers and managing relationships:

  1. No anonymous or fictitious accounts: Creditr will not open accounts under anonymous or fictitious names.

  2. Mandatory customer verification: All customers must undergo a Customer Due Diligence (CDD) procedure to verify their identity before opening an account. This applies to all individuals associated with the account, including guarantors.

  3. No transactions without CDD: No transactions or account-based relationships will proceed without completing the CDD process.

  4. Verification of authorized representatives: If a customer acts on behalf of another person/entity, their authority will be verified through documentation.

  5. Mandatory KYC information: Specific KYC information is required for account opening and periodic updates. Exceptions require approval from the Principal Officer.

  6. Politically Exposed Persons (PEPs): Information about PEP customers or beneficial owners will be highlighted to the Principal Officer for approval.

  7. Compliance with UNSCRs: Creditr considers United Nations Security Council Resolutions regarding different jurisdictions/entities.

  8. Non-restrictive implementation: The CAP should not excessively restrict access to Creditr services for the general public, especially those experiencing financial or social disadvantages.

  9. Risk-based information gathering: Creditr seeks only relevant information based on the customer's risk category, avoiding unnecessary inquiries. Additional information will be sought with consent after account opening.

RISK MANAGEMENT

Creditr adopts a risk-based approach to risk management, employing the following measures:

1. Customer Risk Categorization:

  • Customers are classified into low, medium, and high-risk categories based on a comprehensive assessment by Creditr.

  • The assessment considers various parameters, including:

    • Customer identity: Ability to verify identity documents through online or other services offered by issuing authorities.

    • Social/financial status: Financial stability and reputation.

    • Nature of business activity: Industry, products/services, and risk factors associated with the business.

    • Clients' business and location: Information about clients and their business activities and locations.

2. Regular Customer Monitoring:

  • Creditr implements a built-in mechanism to continuously monitor customer activity, identifying any irregular behavior.

  • Timely corrective action is taken based on the identified risk.

3. Customer Profiling:

  • During credit appraisal, Creditr generates a profile for each new customer based on their risk classification.

  • The profile includes information about:

    • Customer identity

    • Social/financial status

    • Nature of business activity

    • Clients' business and location

  • The extent of due diligence performed on each customer varies according to their perceived risk.

Customer Risk Categories :

(i) High Risk – Category A :

- Individuals/entities listed in UN Security Council Resolutions (e.g., UN 1267) or watch lists by Interpol and similar international bodies.

- Customers with unusual business circumstances, such as significant geographic distance, frequent account movements, etc.

- Non-resident customers (excluding retail education loan applicants).

- High net worth individuals without a 3-year occupation track record.

- Trusts, charitable organizations, NGOs, and those receiving donations (excluding affiliated education institutions).

- Accounts with politically exposed persons (PEPs) as ultimate beneficial owners.

- Customers with dubious reputation based on public information or watch lists.

- Businesses associated with higher corruption levels (e.g., arms manufacturers, dealers).

- Customers in industries prone to corruption (e.g., jewelers, bullion dealers, high-value goods dealers).


(ii) Medium Risk – Category B :

- Trusts, charitable organizations, NGOs, and donation-receiving entities (excluding affiliated education institutions).

- Salaried applicants with variable/unstructured income receiving salary by cheque.

- Salaried applicants in certain sectors like travel agencies, telemarketing, internet cafes, and IDD call services.

- Self-employed professionals (excluding retail education loan applicants).

- High net worth individuals with a 3-year occupation track record.

- Borrowers residing outside India (excluding students studying abroad).

- Companies with close family shareholding or beneficial ownership.

- Non-face-to-face customers.


(iii) Low Risk – Category C :

- Salaried employees with well-defined salary structures.

- Individuals working with government-owned companies, regulators, and statutory bodies.

- Individuals in lower economic strata with small balances and low turnover.

- Individuals working with Public Sector Units.

- Individuals working with reputed Public Limited and Multinational Companies.

- All borrowers residing in India (including students studying abroad).

- Low-risk individuals and entities easily identifiable, not falling into the above two categories.


In case of an existing customer becoming a PEP, senior management approval is required to continue the business relationship, with enhanced due diligence (EDD) measures undertaken.



CUSTOMER IDENTIFICATION PROCEDURE

1. The Customer Acceptance Policy classifies customers into low, medium, and high-risk categories, determined by assessing identity, social/financial status, and business nature. Identification is required during account commencement, in case of doubt, for significant transactions, and for non-account-based customers.

2. Satisfactory evidence of customer identity, based on perceived risks, will be obtained through reliable documents or physical verification.

3. Permanent account numbers (PAN) will be obtained as per Income Tax Rule 114B, and Form 60 from those without PAN.

4. For legal entities, the Company will verify legal status, understand beneficial ownership, and determine controlling natural persons.

5. Additional documentation may be requested based on higher risk perception, considering factors like location, business nature, and repayment history.


6. The Company may rely on third-party customer due diligence, subject to conditions ensuring compliance and supervision.

7. Key customer identification principles include maintaining in-house decision-making, avoiding redundancy in document submission, and accepting a single proof of address for permanent and current addresses.

8. Periodic KYC data updates are required, with varying frequencies based on risk categories, and certain relaxations for low-risk customers.


MONITORING OF TRANSACTIONS

1. According to the Income Tax Act, 1961, no person (Branch/collection staff) can accept cash exceeding Rs. 2,00,000 for a transaction or series of connected transactions. The Company does not accept cash deposits in foreign currency.

2. For cash or equivalent payments exceeding Rs. 10,000, a 'source of funds' declaration is required. If the source is the sale of immovable property, cash or equivalent exceeding Rs. 20,000 should not be accepted.

3. Ongoing monitoring is crucial for effective KYC procedures. Creditr will analyze transactions based on risk profiles, identifying unusual or complex activities. Special attention will be given to large transactions, patterns lacking apparent economic purpose, and those exceeding specified limits, particularly cash transactions over Rs. 1 lakh. Higher-risk accounts undergo intense monitoring.

4. Key indicators will be set for monitoring based on customer background, country of origin, sources of funds, transaction types, and other risk factors. A periodic review, not less than every six months, will assess risk categorization and the need for enhanced due diligence.

5. Creditr will explore validating new account openings against public domain watch lists, including the RBI watch list.


TRAINING PROGRAMME

Creditr is committed to continuous employee training programs to ensure that all staff members are proficiently trained in KYC/AML/CFT procedures.

Distinct training focuses will be established for frontline staff, compliance staff, and officers/staff handling new customers. This approach ensures that everyone involved comprehensively understands the rationale behind KYC policies and consistently implements them.


INTERNAL CONTROL SYSTEM

Creditr’s Internal Audit and Compliance functions are responsible for evaluating and ensuring adherence to KYC policies and procedures. The compliance function, as a standard practice, independently assesses the Company's policies, procedures, and compliance with legal and regulatory requirements. Under the supervision of the Board, the Management ensures that the audit function is adequately staffed with skilled individuals. Internal Auditors specifically scrutinize and authenticate the application of KYC procedures at branches, reporting any observed lapses. Audit findings and compliance updates are presented to the Audit Committee of the Board on a quarterly basis until the resolution of audit findings.

Additionally, Creditr implements a robust screening mechanism as an integral part of its recruitment/hiring process to prevent individuals with a criminal background from accessing and potentially misusing the financial channel.

RECORD KEEPING

a) Recording Transactions:

   - The Company will maintain transaction records in accordance with Section 12 of the Prevention of Money Laundering Act, 2002 (PMLA) and Rule 3 of the PML Rules for:

      i. All cash transactions exceeding Rs. 2 lakhs.

      ii. Series of cash transactions valued below Rs. 2 lakhs but integrally connected within a month.

      iii. Transactions involving receipts by non-profit organizations of rupees ten lakhs or its equivalent in foreign currency.

      iv. Cash transactions involving forged or counterfeit currency notes, or where forgery of a valuable security has occurred.

      v. Records related to customer identification and address.

      vi. All suspicious transactions, regardless of cash involvement.

   

b) Information in Records:

   - The records specified in Rule 3 of PMLA Rules will include:

      i. Nature of the transactions.

      ii. Amount and currency.

      iii. Transaction date.

      iv. Parties involved.



c) Maintenance and Preservation:

   - As per Section 12 of PMLA:

      i. Records of transactions (as per clause a) will be maintained for five years from the date of transactions.

      ii. Records of client identity will be preserved for five years from the date of cessation of transactions.

   - Creditr will establish a robust system for the proper maintenance and preservation of information in both hard and soft copies, ensuring easy retrieval when required by competent authorities.

APPOINTMENT OF PRINCIPAL OFFICER

Creditr will appoint a senior employee as the 'Principal Officer' (PO) based at the Head/Corporate office. The PO will be accountable for monitoring, reporting all transactions, and sharing necessary information in compliance with the law. Details, including the name, designation, and address of the Principal Officer, will be communicated to the FIU-IND.

REPORTING TO FINANCIAL INTELLIGENCE UNIT – INDIA

In compliance with PMLA, Credit’s Principal Officer will submit the following reports to the Director, Financial Intelligence Unit-India (FIU-IND):


a) Cash Transaction Report (CTR):  If identified, CTR for each month will be submitted by the 15th of the succeeding month.

b) Counterfeit Currency Report (CCR):  CCR for transactions involving forged or counterfeit Indian currency notes will be submitted monthly by the 15th of the succeeding month.

c) Suspicious Transactions Reporting (STR):

   - The company aims to implement automated systems for transaction monitoring to detect suspicious activity.

   - STR will be filed with FIU-IND within 7 days of concluding that a transaction or series is suspicious.

   - No operational restrictions will be imposed on accounts with filed STRs, following regulatory guidelines.

Credit’s employees are bound by strict confidentiality regarding the reporting of details related to suspicious transactions.


GENERAL

1. Closure of Accounts/Termination of Business Relationship:

   - If Creditr cannot apply KYC measures due to non-cooperation or information non-furnishing, it will terminate the business relationship after providing the customer with a notice explaining the decision.

   - Approval from the Chairman & Managing Director or authorized key managerial persons is required for such decisions.

2. KYC for Existing Accounts:

   - KYC guidelines will apply to new customers, and the same will be extended to existing customers based on materiality and risk.

   - Continuous monitoring of transactions with existing customers will identify any unusual patterns in account operations.

3. Updation of Company's KYC Policy:

   - The Principal Officer, with approval from the Board of Directors, will make necessary amendments to the KYC/AML/CFT Policy to align with requirements/updates/amendments from RBI or other relevant authorities.