Know your customer (KYC) policy, on boarding of customer, prevention of money laundering and risk categorization
1. the background
RBI has issued Master Direction “Know Your Customer (KYC) Directions, 2016” having reference no. Master Direction DBR.AML. BC.No.81/14.01.001/2015-16 dated February 25, 2016. The Master Direction issued is mainly in respect of ‘Know Your Customer’ (KYC) Guidelines and Anti Money Laundering Standards (AML) based on ‘Prevention of Money Laundering Act, 2002 and rules thereunder, the recommendations made by the Financial Action Task Force (FATF) on anti-money laundering standards and amendments made in the PMLA, 2002 from time to time. These Directions lay down the minimum requirements / disclosures to be made in respect of clients.
2.1 This Policy shall be treated as internal guidelines for customer acceptance, KYC and AML- PMLA activities undertaken by Zeb IT Service Limited (Zebpay). The objective of this policy is to prevent the Zebpay from being used, intentionally or unintentionally, by criminal elements for money-laundering activities, KYC procedures enable the Zebpay to know/understand their customers and their financial dealings in better way which in turn helps manage the risks prudently.
2.2 To put in place systems and procedures for customer identification and verifying his/her identity and residential address.
2.3 To monitor transactions of a suspicious nature.
2.4 The policy will be disseminated to all employees at all levels in the organization who deal/handle account information, financial transactions, money and customer records etc. relating to the clients.
3. principal officer/ compliance officer and designated director
3.1 Zebpay shall appoint a principal officer/compliance officer. He/She will be located at the Head /Corporate Office of the Zebpay and shall be responsible for internal controls and procedures relating to implementation of this policy and identifying and reporting any suspicious transaction or activity to the concerned authority. The principal officer/compliance officer will be a Head of Risk and Legal of the Zebpay and should be able to discharge the functions with independence and authority. The Board of Directors or its nominated committee can change the principal officer or compliance officer. The Principal Officer shall maintain close liaison with the enforcement agencies and other institutions who are engaged in the fight against the money laundering and terrorist financing.
3.2 While interacting with the client, KYC desk may conduct due diligence of the client for knowing the client’s background, history, financial status / capability assessment of business patterns and to verify genuineness of the client.
3.3 Cross check PAN details of the client like Permanent Account Number, Name, Father’s Name (in case of Individual client), Date of Birth / Incorporation with the details on the website of the Income Tax Department and attach the proof of the same with KYC docket.
3.4 In case PAN details are not matching substantially with PAN details printed on PAN Card and PAN details appearing on IT website, take appropriate action to get it clarified from the client. In case of minor discrepancy in the name, obtain the declaration from the client about the same.
3.5 In case of default or any action taken by any regulatory authorities against such client is found on verification then seek clarification from the client and coordinate with client to find out further details in such default and status as on date.
4. Customer Acceptance Policy (CAP)
The following Customer Acceptance Policy indicates the criteria for acceptance of customers
4.1 No account shall be opened in anonymous or fictitious/benami name(s).
4.2 No Minors.
4.3 No one above the age of 75 years.
4.4 No HUF, Societies.
4.5 Only Indian resident can open account with Zebpay.
4.6 No Foreigner, NRI.
4.7 PAN, Aadhar, Bank details shall be mandatory for every customer.
4.8 Account to be opened through app ONLY.
4.9 No walk ins.
4.10 One customer ONLY one account.
4.11 Enhanced documents may be sought by Zebpay based on the velocity of customers from time to time.
5. Due Diligence from PMLA Point of view
5.1 Customer due diligence (“CDD”) measures shall be applied to an extent that is sensitive to the risk of money laundering and terrorists financing depending on the type of customer, business relationship or transactions involved.
5.2 Zebpay shall determine from available sources of information whether the client or potential client is a politically exposed person.
5.3 Documents required, and other information will be collected from clients as mentioned below. Any additional documents or due diligence can be carried out Zebpay depending upon perceived risk. Below is the indicative list of documents to be collected from the client.
|Types of Entity
||1. PAN card with photo on it
2. Aadhar card
3. Cancelled bank cheque
||1. Company’s PAN Card
2. Certificate of Incorporation
3. Memorandum & Articles of Association
4. Board Resolution for Trading in cryptocurrency using corporate account at Zebpay
5. PAN of Authorised person
6. Cancelled bank cheque
7. PAN Card/ Government approved ID proof of any one of the director
8. Address proof of company
9. Address Proof of authorised person
||1. Pan Card
2. Certificate of Registration (for registered partnership firms only)
3. Partnership Deed
4. Authorisation Letter for trading/investment in Zebpay
5. Pan of Authorized person
6. Address proof of firm
7. Address Proof of authorised person
Note- Apart from these above documents Zebpay reserves the right to call for additional documents for further verification based on customer volume and monitoring pattern.
5.4 In case of corporate, the antecedents of the company (change of name and registered office in particular) and of all promoters and directors will be traced.
5.5 An assessment shall be made of the financial worthiness of the client by obtaining appropriate declarations at KYC stage.
5.6 A thorough assessment shall be carried out to ascertain whether the client is dealing with the company on his own behalf or someone else is the beneficial owner. If there doubts, before acceptance of the clients, thorough due diligence shall be carried out to establish the genuineness of the clients. Secrecy laws shall not be allowed as a reason to disclose true identity of the beneficiary/transacting party.
5.7 No account shall be opened in a fictitious name / benami name or on an anonymous basis.
5.8 No client shall be accepted where it is not possible to ascertain the identity of the client, or the information provided is suspected to be non-genuine, or if there is perceived non-cooperation of the client in providing full and complete information. Zebpay shall not continue to do business with such a person and file a suspicious activity report. Zebpay shall consult the relevant authorities in determining what action it shall take when it suspects suspicious transactions being carried out.
5.9 No transaction or account-based relationship is to be undertaken without following the Client Due Diligence Process.
5.10 Any transaction from the client shall be accepted only after KYC and banking details of the customer are accepted by Zebpay and procedure is completed.
6. client risk categorization
6.1 Based on the various factors and risk parameters, the clients shall be categorized into High, medium and low risk category.
6.2 Certain clients may be of a higher or lower risk category depending on the circumstances such as the client’s background, type of business relationship or transaction, etc. The illustrative factors for risk profiling is given as under (list is indicative and can be expanded as per business requirements and experience):
1) Geographical Location and Category of client. 2) Nature of Business activity 3) Financial Health vs Trade Volume4) Income Range
6.3 The authority to enter in to financial transactions on behalf of a corporate customer (private/public limited company) shall be backed by a resolution of the Board of Directors. In case of a partner entering into a financial transaction on behalf of a partnership firm, the LOA or POA shall be signed by all the remaining partners of the firm. In case of a Trust or a Foundation, such an authority shall be backed by a resolution passed by the Board of Trustees or Managing Board as the case may be.
6.4 Client identification process shall be carried out at following different stages:1) While establishing the relationship with the client.2) While carrying out transactions for the client3) When the Zebpay has doubts regarding the veracity or the adequacy of previously obtained client identification data.
6.5 Failure/Refusal by prospective client to provide satisfactory evidence of identity shall be noted and reported to the higher authority within the organization.
6.6 Risk based Monitoring approach shall be followed. Broad categories of monitoring and reason for suspicion and examples of suspicious transactions for Zebpay are indicated as under:
1) Identity of Client
False identification documents Identification documents which could not be verified within reasonable time.Doubt over the real beneficiary of the account.Accounts opened with names very close to other established business entities
2) Suspicious Background
Suspicious background or links with known criminals
3) Multiple Accounts
Large number of accounts having a common account holder or authorized signatory with no rationale.Unexplained transfers between multiple accounts with no rationale
4) Activity in Accounts
Unusual activity compared to past transactions Sudden activity in dormant accounts Activity inconsistent with what would be expected from declared business
5) Nature of Transactions
Unusual or unjustified complexity No economic rationale or bonafide purpose Source of funds/Cryptocurrencies are doubtful
6) Value of Transactions
Value just under the reporting threshold amount in an apparent attempt to avoid reportingInconsistent with the clients apparent financial standingInconsistency in the transactions pattern by Customers.
7) Zebpay will ensure that information sought from the customer is relevant to the perceived risk, is not intrusive, and is in conformity with the guidelines issued in this regard. Any other information from the customer will be sought separately with the client’s consent and after opening the account.
7. exception handling
Exceptions to this Policy must be approved by the Chief Compliance Officer, or a designated person. All exceptions must be documented, with reasons for the exceptions, including expiration or review date and, wherever necessary, include an action plan and timelines for compliance with the policy.
8. KYC rejection procedures
In case where the documents or information obtained from client is not sufficient as outlined in the policy, the KYC will be rejected unless it is covered under the exception handling procedure as mentioned in clause above. Any changes/amendments made in the Policy shall be put before the Board of Directors in their meeting immediately succeeding such changes/amendments, for purpose of information.
9. effective date and review
The policy would be reviewed in line with review requirements of the Zebpay or as and when considered necessary by Chief Compliance Officer and/or Board of Directors but not later than once a year.