Introduction
We, Verifin Technologies Private Limited (“We”, “Us” or “Our”) actively endeavor to detect, highlight and report the transactions or activities associated with money laundering and the financing of terrorism. We have employed this Know Your Customer- Anti Money-Laundering Policy (“KYC-AML Policy”) to provide a mechanism detailing the manner in which Users (“User”, “Customer”, “You” or “Client”) can be onboarded to the platform to use the provision of services. This KYC-AML Policy also outlines the methods and strategies to assess and manage risk associated with each Client or transaction.
We abide by the directives from Law enforcement Agencies and Courts and will obey their orders relating to reporting suspicious accounts or transactions and sharing the identity details, KYC documents, transaction details and other details of specified users.
This KYC-AML Policy sets out obligations of the Users under the (i) Prevention of Money Laundering Act, 2002, (“PMLA”) (ii) Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (“PML Rules”), (iii) the Unlawful Activities (Prevention) Act, 1967 (“UAPA”), (iv) The Weapons of Mass Destruction and Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 (“WMDA”) and (v) Anti-Money Laundering and Countering the Financing of Terrorism Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets published by the Financial Intelligence Unit – India (“FIU-IND Guidelines”) ( hereinafter are referred to together as the “AML Framework”).
We reserve the right, at our sole discretion, to change, modify, add or remove portions of this KYC-AML Policy, at any time without any prior written notice. It is Your responsibility to review the KYC-AML Policy periodically for any updates/changes. Your continued use of the Online Platform following the modification of the KYC-AML Policy will imply the acceptance of this KYC-AML Policy or any changes made to it.
You hereby expressly consent to Our continuous monitoring and collecting of information and data of Your activities on Our Online Platform for the purpose of this KYC-AML Policy and to remain compliant with the reporting standards as per the applicable laws.
Definitions
“Applicable Law” shall mean any applicable statute, law, regulation, ordinance, rule, judgment, order, decree, by-law, approval from the concerned authority, government resolution, order, directive, guideline, policy, requirement, or other circulars or notifications from any competent government or statutory bodies.
“Computer Resource” shall have the same meaning as ascribed to it in Section 2(1)(k) of Information Technology Act, 2000.
“Crypto” or “VDA” shall mean and refer to virtual digital assets as defined under Section 2(47A) of the Income Tax Act, 1961.
“Customer” or “User” or “You” or “Client” shall mean any Person availing our Services through the Online Platform.
“Person” includes—
an individual,
a Hindu undivided family,
a company,
a firm,
an association of persons or a body of individuals, whether incorporated or not
every artificial juridical person not falling within any of the preceding sub-clauses, and
any agency, office or branch or entity owned or controlled by any of the above persons mentioned in the preceding sub-clauses.
“Client due diligence” or “CDD” means due diligence carried out on a Client. CDD involves identifying the Client and verifying their identity by using a reliable, independent source of documents, data, or information and ascertaining the true beneficial owner of the Client entity.
“Officially Valid Document/OVD” means the passport, the driving license, proof of possession of an Aadhaar Number or the voter's identity card issued by the Election Commission of India.
“Politically Exposed Person” (PEP) is a person who is authorized to perform prominent public functions in a country and includes governors of the state, members of Parliament, military officers, senior government and judicial executives, and heads of local bodies such as municipal corporations, among others. You could also qualify as a PEP if You are a family member or a close relative of such an individual.
“Provision of Services” or “Services” shall mean exchange between virtual digital assets and fiat currencies and safekeeping or administration of virtual digital assets or instruments enabling control over virtual digital assets.
“Suspicious Transaction” means a transaction, including an attempted transaction on the Platform, whether or not made using fiat currency, which under Our sole discretion:
give rise to a reasonable ground of suspicion that it may involve proceeds of a crime/an offence, regardless of the value involved; or
appears to be made in circumstances of unusual or unjustified complexity or in contravention of any Applicable Law; or
appears to have no economic rationale or bona fide purpose; or
gives rise to a reasonable ground of suspicion that it may involve financing activities relating to terrorism. Terrorism includes transactions involving funds suspected to be linked or related to or to be used for terrorism, terrorist acts, or by a terrorist, terrorist organisation, or those who finance or are attempting to finance terrorism.
Customer Acceptance
Any Indian resident can open an Account with Us by providing the following documents:
Permanent Account Number (PAN) given by Income Tax Authorities,
Documents for identification and proof of residence (only OVDs).
Live selfie from the camera.
Other KYC documents as required to conduct CDD measures.
Please note that post the account opening process, the User would be required to add and verify their bank account/UPI ID for making INR withdrawals.
The User’s Account with Us will only be made operational for the User to avail our Services when such documents, information as mentioned above, or as required under any other part of this Policy, or any other additional information as requested by Us is provided by the User to Our satisfaction.
We ascertain the User’s identity by screening the User’s details across multiple databases and by referring to different sets of documents which can satisfy Us with the User’s background and establish the fact that the Account is not opened under an anonymous or fictitious/benami name. We may ask for details such as: a. Annual income, b. Occupation, c. If Politically Exposed Person (PEP), d. Background of business, e. Details of other related entities of the business, if any.
Customer Identification Procedure is carried out at different stages while the Platform is accessed by the User and is not limited to instances when: a. Applying to access the Platform, b. Periodic review of a User’s information and documents, c. Any transaction is being executed by the User on the Platform, and/or d. We have a doubt about the authenticity/veracity or the adequacy of the earlier obtained User Identification data.
We will, ourselves or through any third party, verify the information submitted by the Customers through the technology tools and/or through any other independent source of information before onboarding a customer. Users will be required to verify their email address and mobile number through one time password (OTP).
Risk Management
While onboarding Users, We, following a risk-based approach, categorize the Users under low, medium, and high-risk categories, based on the assessment and risk perception.
We prepare the profile of the customer which should contain User’s information relating to the customer's identity and other factors to determine the risk involved on the basis of the parameters including but not limited to:
Social/financial status;
The nature, scale, diversity and complexity of their business;
Withdrawals to multiple bank accounts;
Very frequent withdrawals;
Adverse media screening;
Politically exposed person screening;
The number of customers already identified as high risk;
The jurisdictions the entity is exposed to, either through its own activities or the activities of customers, especially jurisdictions with relatively higher levels of corruption or organised crime, and/or deficient AML/CFT controls and listed by RBI or FATF.
FATF Public Statement, the reports and guidance notes on KYC/AML issued by the Indian Banks Association (IBA), Financial Intelligence Unit - India and other agencies, etc., may also be used in risk assessment.
No User shall be informed of the risk category he/she is categorized into and no such confidential information shall be disclosed to the User which can tip him/her off to evade transacting. We also re-verify KYC details at regular intervals, annually at the very least, depending on our risk assessment and classification of the Customer. We may change the risk categorization of a particular User based on transaction history, user activity or on any other basis as mentioned above.
Customer verification norms
KYC is the key principle for the identification of any individual opening and operating a User Account. In the context of KYC, verification is the process of seeking satisfactory evidence of the Client’s identity and verifying the correctness of the information provided by the customer. The objectives of KYC are as under:
To ensure appropriate customer identification,
Reporting suspicious transactions executed by a Customer to relevant law enforcement authorities as required by law,
Satisfy that the proposed customer is not an undischarged insolvent,
Minimize frauds,
Avoid opening Benami accounts with fictitious names and addresses, and
Weed out undesirable customers.
The customer identity and current address including permanent address will be verified based on the documents provided by the customer. PAN shall be verified from the verification facility of the issuing authority. Where an equivalent e-document is obtained from the customer, We verify the digital signature as per the provisions of the Information Technology Act, 2000.
For the purpose of carrying out KYC or re-KYC of existing customers, the PAN and any of the OVDs as prescribed below can be used as a measure of identification:
The passport,
The driving license,
Proof of possession of Aadhaar number,
The Voter's Identity Card issued by the Election Commission of India,
Job card issued by NREGA duly signed by an officer of the State Government, and
Letter issued by the National Population Register containing details of name and address.
If the OVD furnished by the customer does not have the updated address, the following documents or the equivalent e-documents thereof shall be deemed to be OVDs for the limited purpose of proof of address:
Utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill);
Property or Municipal tax receipt;
Pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
Letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and licence agreements with such employers allotting official accommodation;
The customer shall submit OVD with current address within a period of three months of submitting the documents specified above.
For verifying the identity and status of a business/legal entity, We collect various documents to verify the following aspects:
The name, legal form and proof of existence;
Powers that regulate and bind the juridical persons;
Address of the registered office/ main place of business;
For the purpose of KYC for business entities, documents mentioned in the Customer Due Diligence (CDD) measures prescribed by Reserve Bank of India Master Direction - Know Your Customer (KYC) Direction, 2016 as updated from time to time, shall be used and maintained.
In scenarios where the documents provided by a User have some issues and cannot be validated, a video-KYC will be required from the User to validate the identity and authenticity of the document/information submitted by them. KYC of individuals associated with the Organization that are required to furnish OVDs or any other documents will be completed using video-KYC. We would also use the video-KYC process while performing Enhanced Due Diligence (EDD) wherever required.
Periodic updation of KYC
Periodic updation of KYC of Users is performed at such intervals of time and using such processes/documents as decided by Us at Our sole discretion, but at the very least every year. We will implement these mandatory steps for updation of KYC:
No change in KYC information: In case of no change in the KYC information, a self-declaration from the User in this regard shall be obtained through the User's email ID and mobile number registered with Us. While in case of any change in the KYC information, the same shall be reported by the User to Us immediately but not later than 30 days from the date of such change.
Change in address: In case of a change only in the address details of the User, a self-declaration of the new address may be obtained from the User through the User's email ID and mobile number registered with Us along with valid proof to be submitted by the User for the change in such address.
Change in contact information like a phone number or email address: In case of a change in the contact details of the User, the User can reach out to Us to get the details updated, along with valid proof of change and demonstrating ownership of the Account with Us for which the details are to be updated.
Client/customer due diligence (“cdd”)
We shall conduct CDD at the time of commencement of an account-based relationship whether conducted as a single transaction or several transactions that appear to be connected, and undertake:
to identify Our clients, verify their identity using reliable and independent sources of identification, obtain information on the purpose and intended nature of the business relationship, where applicable;
to take reasonable steps to understand the nature of the customer’s business, and its ownership and control; and
to determine whether a client is acting on behalf of a beneficial owner, and identify the beneficial owner and take all steps to verify the identity of the beneficial owner, using reliable and independent sources of identification.
We shall obtain details of the Beneficial Owner of the legal entity or individual as part of our CDD process. Depending on the legal entity or legal structure of the Client, Beneficial owner would be identified as follows:
If the customer is an individual, ‘Beneficial owner’ shall mean an individual on whose behalf a transaction is being conducted and includes a person who exercises ultimate effective control over the account or benefits from the transactions executed through the customer's account;
Where the customer is a company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has a Controlling Ownership Interest or who exercises Control through other means;
Explanation: “Controlling ownership interest” means ownership of or entitlement to more than ten percent of shares or capital or profits of the company. “Control” shall include the right to appoint the majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or voting agreements.
Where the customer is a partnership firm, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has ownership of/entitlement to more than fifteen percent of capital or profits of the partnership;
Where the client is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has ownership of or entitlement to more than fifteen percent of the property or capital or profits of such association or body of individuals;
Where no natural person is identified under (b) or (c) or (d) above, the beneficial owner is the relevant natural person who holds the position of senior managing official;
Where the client is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with ten percent or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership;
Where the client or the owner of the controlling interest is a company listed on a stock exchange, or is a subsidiary of such a company, it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such companies, since it may be assumed that such due-diligence has been carried out at the time of listing on the exchange.
Where the client is an individual, for the purposes of CDD, the following documents shall be submitted with Us:
the Aadhaar number where User decides to submit his Aadhaar number voluntarily and the proof of possession of Aadhaar number where offline verification cannot be carried out or any OVD containing the details of his identity and address; and
the Permanent Account Number or the equivalent e-document thereof; and
such other documents including in respect of the nature of business and financial status of the client, or the equivalent e-documents thereof as may be required by Us.
Where the client is a company, for the purposes of CDD, the following documents shall be submitted with Us:
Certificate of incorporation;
Memorandum and Articles of Association;
Permanent Account Number of the company;
a resolution from the Board of Directors and power of attorney granted to its managers, officers or employees, as the case may be, to transact on its behalf;
such documents as are required for an individual under sub-rule (4) relating to beneficial owner, managers, officers or employees, as the case may be, holding an attorney to transact on the company’s behalf;
the names of the relevant persons holding senior management position; and
the registered office and the principal place of its business, if it is different.
Where the client is a partnership firm, for the purposes of CDD, the following documents shall be submitted with Us:
registration certificate;
partnership deed;
permanent Account Number of the partnership firm;
such documents as are required for an individual under sub-rule (4) relating to beneficial owner, managers, officers or employees, as the case may be, of the person holding an attorney to transact on its behalf; and
the names of all the partners and address of the registered office, and the principal place of its business, if it is different.
Where the client is an unincorporated association or a body of individuals, for the purposes of CDD, the following documents shall be submitted with Us:
resolution of the managing body of such association or body of individuals;
power of attorney granted to him to transact on its behalf;
permanent account number or Form No.60 of the unincorporated association or a body of individuals;
such documents as are required for an individual under sub-rule (4) relating to beneficial owner, managers, officers or employees, as the case may be, of the person holding an attorney to transact on its behalf; and
such information as may be required by the Us to collectively establish the existence of such association or body of individuals.
On-going due diligence
We shall undertake on-going due diligence of customers to ensure that their transactions are consistent with their knowledge about the customers, customers’ business, risk profile and the source of VDA deposits.
When there are suspicions of money laundering or financing of activities relating to terrorism or where there are doubts about the adequacy or veracity of previously obtained User identification data, We shall review the due diligence measures including reverifying the User’s identity, and shall request additional information. On the basis of monitoring activities conducted by Us as described under this Policy, User’s access to the Platform shall be suspended / blocked or terminated as decided by Us under Our sole discretion.
We shall also systematically and periodically review the risk categorisation of Customers, with such periodicity being at least once in a year, and may change the risk categorisation of the Customer based on our internal assessment.
Enhanced due diligence
If we identify any risk in the transaction undertaken depicting complex or unusual patterns which have no apparent economic or lawful purpose or risk associated with an account with Us which might be due to User’s background or association with PEPs, We shall undertake Enhanced Due Diligence (“EDD”).
Steps under EDD shall include but will not be limited to:
Submission of additional information and documentation by User e.g., financial records and nature of business for verifying the source of VDA deposits;
Undertake additional background checks and research to validate the true identity of a User;
Seeking clarification justification relating to a particular transaction or series of transactions or other User activities;
Implement application of additional measures to know the customer’s sources of funds in general like gathering information from publicly available sources or otherwise, conducting independent enquiries on the details collected on /provided by the customer where required or Consulting a credible database, public or other, etc, or obtain any additional information in this regard from any other appropriate source;
We or a third party service provider may call or email to the user seeking further details of the source of the funds of the customer or source of VDA deposits with Us. Such additional details may include information relating to the employment status or business/occupation of the customer and any supporting documents including employment agreements, bank statements or tax returns, etc. It may also include company incorporation documents of the User along with layout of its corporate structure;
Conducting in-person visits, if required.
Deposit policy
Crypto deposits: You understand and undertake that VDAs deposited in the digital wallet maintained in your name with Us are owned by You as the beneficial owner. You will be required to submit a self-declaration in this regard. We reserve our right to suspend, block or close your account or block and forfeit any Digital assets or funds available in your Digital Wallet if we have a reasonable suspicion that you have deposited Digital Assets belonging to any other person into your digital wallet on our Online Platform.
Withdrawal process
We follow a strict procedure while processing any withdrawal requests from the customer to ensure that the funds are sent only to their originating source and beneficial owner. We will review all withdrawal requests from customers and verify that the funds are being withdrawn to the linked bank account of the User. We will also review transaction history and User activities to ensure that there is no suspicious withdrawal activity in the User’s account.
In case there is a difference in the details of bank account provided in the withdrawal request and the one which is linked in the name of the User, then the accounts team will ask for further details and clarifications to ensure that withdrawal is being sent to the bank account which is under the control and ownership of the User. Withdrawals will be allowed and processed only once the customer produces satisfactory details / documents supporting the same. If a withdrawal request is flagged for suspicious activity, the request will be placed on hold, pending further investigation by the compliance team. Compliance team, in consultation with the management, will decide if the transaction should be reported to the Law enforcement authorities.
Travel rule
We may also reach out to obtain the required information to verify beneficiary information in case of deposit of VDA by the User, if the corresponding Travel Rule information is missing/incomplete as received from the originating exchange. The successful completion of deposit of VDA is subject to the Travel Rule and compliance controls implemented by Us. Travel Rule is applicable for all VDA deposits, irrespective of the amount or the type of VDA deposited.
We will require and capture at least the following details of the originator and the beneficiary:
Originator’s name and PAN number or National identity number;
Originator’s wallet address; and
Originator’s verified address as per KYC.
Sanction screening for VDA transfer
For the purpose of enhanced monitoring, sanctions screening will be carried out by Us both at the time of depositing any VDA to ensure that Our services are not engaged to receive any VDA from any sanctioned wallet/individual. We will ensure prompt application of the directives when issued by the competent authorities for implementing United Nations Security Council Resolutions relating to the suppression and combating of terrorism, terrorist financing and proliferation of weapons of mass destruction and its financing, and other related directives, as well as compliance with all other applicable laws, regulatory requirements and guidelines in relation to economic sanctions.
We will use tools provided by any reputed third party service provider to screen all the digital wallets for sanction screening. We will put any deposit request on hold or block any such request if the digital wallet involved is indicated as high risk in the sanction screening tool used by Us.
Preservation of record
We shall reasonably ensure that all information received for the purpose of identification or due diligence is used by it in accordance with Our applicable terms and conditions. We shall also take necessary reasonable steps for maintenance, preservation, and reporting of User information as per the internal policies and standard operating procedures implemented by Us.
In addition, the confidentiality, security, and protection against access, use, and disclosure (including publication or display) of all information of a User, collected or created by Us shall be kept in accordance with Applicable Law.
We shall collect and maintain records, in the form of books or stored in a computer, of Your identity proof along with all documents and information provided by You and of all the transactions undertaken by You on the Platform, as required under the Applicable Laws/good industry practices.
We shall maintain and report to Authorities, the records of:
the KYC details, documents, and data of all Users who open a User Account on the Platform;
the KYC details, documents, and data of all Users who undertake a transaction on the Platform; or
Your transactions on the Platform.
Notwithstanding anything to the contrary contained in the Terms of Use or Privacy Policy, any information obtained while undertaking the due diligence measures under this Policy or during registration/creation/ongoing due diligence of Your Account shall be maintained for the duration of the account is operational, and for a period of 5 (Five) years from the date Your Account ceases to exist or such longer period as may be specified under any Applicable Law/Authority.
We hereby expressly clarify that User’s CDD records and documents (including transactions) will be kept for at least 5 years after the business relationship has ended. We shall make available the identification records and transaction data to the authorities upon request.
Employee training
Adequate screening mechanisms as an integral part of our personnel recruitment/hiring process shall be put in place to ensure high standards and equal and fair opportunity when hiring employees.
Employee training programs are put in place so that the members of concerned staff are adequately trained in KYC/AML/CFT policy. The focus of the training could be different for frontline staff, compliance staff, risk management staff, Audit staff, and staff dealing with new customers. The front desk staff is trained to handle issues arising from a lack of customer education. Proper staffing of the audit function with persons adequately trained and well-versed in KYC/AML/CFT policies, regulations, and related issues also ensures its proper implementation. The AML training frequency is every 6 months.
We may put in place policies and FAQs to answer any queries or questions of the Users and satisfy them while seeking information in furtherance of the Policy.
We have made every effort to ensure that this Policy adheres to the applicable laws. The invalidity or unenforceability of any part of this Policy shall not prejudice or affect the validity or enforceability of the remainder of this Policy. This Policy does not apply to any information other than the information collected by Us through the Platform.