KYC AND AML POLICY – Universal Fingrowth

KNOW YOUR CUSTOMER AND ANTI MONEY LAUNDERING POLICY (KYC AND AML POLICY)

Introduction:

M/s UNIVERSAL FINGROWTH PRIVATE LIMITED (“the company”) was incorporated on 27/08/2015 under the Companies Act, 2013, having CIN U65993RJ2015PTC048146 and situated at 84 B, DHULESHWAR GARDEN, SARDAR PATEL MARG, C-SCHEME, JAIPUR, RAJASTHAN-302001.

The company is a registered NBFC in terms of Section 45-IA of the RBI Act, 1934 vide registration number B-10.00239 under the classification as NBFC-Non-Systemically Important Non-Deposit taking Company and regulated by the RBI.

Purpose of the Policy:

Reserve Bank of India, one of the regulatory agencies entrusted with the responsibility of driving the anti-money laundering initiatives advised NBFCs to follow certain customer identification procedure for opening of accounts and monitoring transactions of suspicious nature for the purpose of reporting it to appropriate authority.

Reserve Bank of India (RBI) has issued Master Direction – ‘Know Your Customer’ (KYC) Direction 2016, RBI/DBR/2015-16/18 DBR.AML.BC.No.81/14.01.001/2015-16 dated February 25th, 2016 as amended from time to time thereby setting standards in terms of provisions of Prevention of Money Laundering Act, 2002 and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 as amended from time to time by the Government of India.

The Company is committed for transparency and fairness in dealing with all stakeholders and in ensuring adherence to provisions of Prevention of Money-Laundering Act, 2002 and the Prevention of Money- Laundering (Maintenance of Records) Rules, 2005, as amended from time to time by the Government of India.

The Company commits that information sought from the customer is relevant to the perceived risk, is not intrusive, and is inconformity with the guidelines issued in this regard. Any other information from the customer shall be sought separately with his /her consent and after effective rendering of services. The company shall also communicate its KYC norms to its customers. The company shall ensure that the implementation of the KYC norms is the responsibility of the entire organisation.

Objective of the policy:

To prevent NBFCs being used, intentionally or unintentionally, by criminal elements for money laundering activities.
To make reasonable efforts to determine the following points:
true identity and beneficial ownership of accounts,
source of funds,
the nature of customer’s business,
reasonableness of operations in the account in relation to the customer’s business etc which in turn would help the Company to manage risks prudently.
To enable the company to have positive identification of its customers.
To develop measures for conducting due diligence

Scope of the Policy:

This policy is applicable across all branches / business segments of the company.

Appointment of Designated Director:

Designated Director” means a person designated by the Company to ensure overall compliance with the obligations imposed under Chapter IV of the PML Act and the Rules.

Designated Officer shall be responsible for monitoring and reporting of all transaction and sharing of information as required under the law.

Mr. Rahul Maheshwari, Managing Director of the company Shall be appointed as Designated Officer to ensure overall compliance with the obligations imposed under chapter IV of the Act and the Rules.

Appointment of Principal Officer:

The Principal Officer shall be responsible for ensuring compliance, monitoring transactions, and sharing and reporting information as required under the law/regulations.

Mr. Rahul Maheshwari, Managing Director of the company shall be appointed as Principal Officer.

Compliance of KYC Policy:

Company shall ensure compliance with KYC Policy through:

A senior officer (designated officer) will constitute as ‘Senior Management’ for the purpose of KYC Compliance.
Allocation of responsibility for effective implementation of policies and procedures at Head office/Regional office/Branch Office Level.
Independent evaluation of the compliance functions of the Company’s policies and procedures, including legal and regulatory requirements be done by Internal auditor and Secretarial Auditor appointed by the Company
Internal team shall verify the compliance with KYC / AML policies and procedures and submit audit notes and compliance to the compliance/finance department on quarterly basis.

Company shall ensure that decision-making functions of determining compliance with KYC norms are not outsourced.

Know Your Customer Standards:

The KYC policy shall include following four key elements:

(a) Customer Acceptance Policy;

(b) Risk Management;

(d) Monitoring of Transactions

Customer Acceptance Policy:

Company’s Customer Acceptance policy (CAP) lays down the criteria for acceptance of customers.

The guidelines in respect of the customer relationship with the company broadly are detailed below:

No account is opened in anonymous or fictitious/benami name(s)/entity(ies);

No account is to be opened where the company is unable to apply appropriate CDD measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer;

No transaction or account-based relationship is undertaken without following the CDD procedure;

The mandatory information to be sought for KYC purpose while opening an account and during the periodic updation, is specified;

‘Optional’/additional information, is obtained with the explicit consent of the customer after the account is opened;

The company shall apply the Customer Due Diligence (CDD) procedure at the unique Customer Identification Code (UCIC) level. Thus, if an existing KYC compliant customer of a company desires to open another account with us, there shall be no need for a fresh CDD exercise;

CDD Procedure is followed for all the joint account holders, while opening a joint account;

Circumstances, in which a customer is permitted to act on behalf of another person/ entity shall be clearly spelt out;

Suitable system is put in place to ensure that the identity of the customer does not match with any person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India;

Where Permanent Account Number (PAN) is obtained, the same shall be verified from the verification facility of the issuing authority;

Where an equivalent e-document is obtained from the customer, company shall verify the digital signature as per the provisions of the Information Technology Act, 2000;

Adoption of customer acceptance policy and its implementation shall not become too restrictive and shall not result in denial of financial services to general public, especially to those, who are financially or socially disadvantaged.

Where Goods and Services Tax (GST) details are available, the GST number shall be verified from the search/verification facility of the issuing authority

Risk Management:

For Risk Management, the Company will have a risk-based approach which includes the following:

Customers shall be categorized as low, medium and high-risk category, based on the assessment and risk perception of the Company;

Risk categorization shall be undertaken based on parameters such as customer’s identity, social/financial status, nature of business activity, and information about the clients’ business and their location etc. While considering customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in;

The customers will be monitored on regular basis with built in mechanism for tracking irregular behaviour for risk management and suitable timely corrective action;

HIGH RISK:

Borrowers profile of Advocate, politician, saints/priest, Police etc,
Business with obsolete technologies
Fraud accounts
Transaction from unidentified sources
Political exposed persons
Associates /associated with PEP
Suspicious entity
Incomplete KYC holding customers
Financing to unaccepted customer profiles i.e. group financing to a particular community
Borrowers/customers having high account turnovers inconsistent with the size of balance sheet or source of income/turnover.
Huge transactions with third party cheques with unjustified reasons.
Huge irrelevant transactions with the associated/sister/allied concerns
Financing to customer having suspicious identity.
Financing to flat/house in blacklisted cooperative society
Persons/entities warned by the regulatory authority of various nations.
Borrowers/customers/Entities involved in Casino/ gambling/lottery business.
Customer who fails to meet the Due Diligence requirement of the Institutions.
Other category of borrowers/customers as determined by the Company from time to time

MEDIUM RISK:

Source of income without having documentary proof
Financing to borrower having various deviation relating to KYC
Firms, companies, institutions or businesses which are not regulated however tax clearance is up-to-date regularly.
Firms or individuals that conduct transactions mostly in cheque.
Non-profit making national and international organizations with clearly justifying sources and usage of fund; and employee of these organizations.
Cash intensive businesses such as Dairy, vegetable shops restaurants, departmental stores, retail traders etc.
Borrowers like Non-financial institutions like real estate dealers, second hand items dealers, jewellery shops, dealers in high value commodities, Petrol pumps travel agencies, money transfer agencies etc.
Other category of borrowers/customers as determined by the Company from time to time

LOW RISK:

borrower profile of salaried employees and conducting transaction justified by their salary structure.
Customers having unsuspicious transactions.
Customers/borrowers having justified, bonafide, regulated, source of income.
Customers maintaining average legal transactions whose KYC requirement is fulfilled as per regulatory requirement.
Self-employed individuals whose income statement justifies the transaction on account maintained by such individual.
Institutions that regularly publish their financial statements for general public and those are regulated and supervised by their regulator and supervisor.
Public limited companies enlisted for share transaction in Security Exchange
Government bodies, government owned companies, regulatory and supervisory bodies, semi government corporations, Financial Institutions licensed by the regulatory bodies etc.
Borrowers those are neither reported in High Risk nor in Medium Risk will be categorised in Low Risk.
Borrowers/customers identified with fully verified KYC documents/officially valid documents
Other category of borrowers/customers as determined by the Company from time to time

Customer Identification Procedures (CIP):

Customer identification means refers to the process of identifying the customer and verifying his/her identity with the help of reliable, independent source documents, data or information. NBFCs have been advised to lay down a Customer Identification Procedure to be carried out at different stages i.e. while establishing a relationship; carrying out a financial transaction or when the NBFC has a doubt about the authenticity/veracity or the adequacy of the previously obtained customer identification data.

For the purpose of the KYC Policy, a customer is defined as:

A person or entity that has relationship with the NBFC;
One on whose behalf the account is maintained (i.e. the beneficial owner);
Any person or entity connected with a financial transaction, which can pose significant reputation or other risks to the NBFC.

List of documents required to be obtained from customers:

The features to be verified and documents that may are required to be obtained for customers, vary. A list of documents which can be sought from customers is as below mentioned:

Customer Due Diligence:

The company will carry out the due diligence in respect of each customer as below mentioned:

Sr. No.	Type of Customers	Due diligence particulars
1	For Individuals or individual who is a beneficial owner, authorised signatory or the power of attorney holder	In case of customers that are natural person or a Individuals who are beneficial owner on any legal entity then the Company will obtain sufficient identification data to Verify such as: (a) Aadhar Card and any other one identity proof (b) PAN card or form 60 (c) Utility bills such as electricity, water, landline telephone bills, etc. (d) recent photograph (e) Any other required documents as per KYC checklist The Company may also undertake V-CIP to carry out CDD in adherence to the standards as prescribed under PML Act/ RBI guidelines/KYC Policy.
2.	For Sole Proprietary firms	For sole proprietary firm, CDD of the individual (proprietor) shall be carried out and in addition of the above, any two of the following documents or the equivalent e-documents there of as a proof of business/ activity in the name of the proprietary firm shall also be obtained: (a) Registration certificate including Udyam Registration Certificate (URC) issued by the Government (b) Certificate/licence issued by the municipal authorities under Shop and Establishment Act (c) Sales and income tax returns (d) CST/VAT/ GST certificate (e) Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities (f) IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT or Licence/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute (g) Complete Income Tax Return (not just the acknowledgement) in the name of the sole proprietor where the firm’s income is reflected, duly authenticated/acknowledged by the Income Tax authorities (h) Utility bills such as electricity, water, landline telephone bills, etc (i) any other documents as per KYC checklist The company at its discretion can accept only one documents also in the above mentioned as proof of business/activity. Provided the company may undertake contact point verification and collect such other information and clarification as would be required to establish the existence of such firm, and shall confirm and satisfy itself that the business activity has been verified from the address of the proprietary concern
3.	For Legal Entities	For company, certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: (a) Certificate of incorporation (b) Memorandum and Articles of Association (c) Permanent Account Number of the company (d) A resolution from the Board of Directors and power of attorney granted to its managers, officers or employees to transact on its behalf. (e) Documents as specified for individual relating to beneficial owner, the managers, officers or employees, as the case may be, holding an attorney to transact on the company’s behalf (f) the names of the relevant persons holding senior management position; (g) the registered office and the principal place of its business, if it is different (h) any other documents as per KYC checklist These requirements may be moderated according to the risk perception for e.g. in the case of a public company it will not be necessary to identify all the shareholders, but at least promoters, directors and its executives need to be identified adequately
4.	For Partnership Firm	For partnership firm, the certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: (a) Registration certificate (b) Partnership deed (c) Permanent Account Number of the partnership firm (d) Documents as specified for individual relating to beneficial owner, the managers, officers or employees, as the case may be, holding an attorney to transact on its behalf (e) the names of all the partners (f) address of the registered office, and the principal place of its business, if it is different (g) any other documents as per KYC checklist
5.	For trust	For trust, certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: (a) Registration certificate (b) Trust deed (c) Permanent Account Number or Form No.60 of the trust (d) the names of the beneficiaries, trustees, settlor and authors of the trust (e) the address of the registered office of the trust (f) list of trustees and documents as specified for individual relating to those discharging the role as trustee and authorised to transact on behalf of the trust. (g) any other documents as per KYC checklist
6.	For unincorporated association or a body of individuals	For unincorporated association or a body of Individuals, certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained: (a) Resolution of the managing body of such association or body of individuals (b) Permanent Account Number or Form No. 60 of the unincorporated association or a body of individuals (c) Power of attorney granted to transact on its behalf (d) Documents as specified for individual relating to beneficial owner, the managers, officers or employees, as the case may be, holding an attorney to transact on its behalf (e) Such information as may be required by the RE to collectively establish the legal existence of such an association or body of individuals (f) any other documents as per KYC checklist Unregistered trusts/partnership firms shall be included under the term ‘unincorporated association’. Term ‘body of individuals’ includes societies
7.	For a customer who is a juridical person (not specifically covered in the earlier part) such as societies, universities and local bodies like village panchayats, etc., or who purports to act on behalf of such juridical person or individual or trust	For a customer who is a juridical person (not specifically covered in the earlier part) such as societies, universities and local bodies like village panchayats, etc., or who purports to act on behalf of such juridical person or individual or trust, certified copies of the following documents or the equivalent e-documents thereof shall be obtained and verified: (a) Document showing name of the person authorised to act on behalf of the entity (b) Documents, as specified for individual holding an attorney to transact on its behalf (c) any other documents as per KYC checklist
8.	Obtaining Guarantor on credit facilities	The Company generally insists on “Guarantee” by a known person (who becomes guarantor to a particular credit facility). Obtaining Guarantee from a known person is a process of ascertaining the identity of a person and his acceptability for establishing business relationship and verifying the true identity of the intending customer before opening a credit account. All due diligence is being done after obtaining all the relevant documents. Further, Guarantor also acts as an introducer of the customer to the Company for the credit facilities. All the KYC applicable on customer shall also be applicable on guarantor.
9.	Liabilities of the Guarantor	Guarantor is legally responsible to the Company for the repayment of the credit facilities by the customer and is expected to be in a position to identify/trace the account holder in case of need.
10.	Procedure for providing Guarantee	The Guarantor will be required to sign on the agreement entered into with the Customer at various places provided in the loan agreement form. To execute all the relevant documents in the presence of company’s officials.
11.	Closure of accounts	Where the company is unable to apply appropriate KYC measures due to non- furnishing of information and /or non-cooperation by the customer, the company will consider closing the account or terminating the banking/business relationship after issuing due notice to the customer explaining the reasons for taking such a decision. Such decisions will be taken at a reasonably senior level.

On-going Due Diligence:

The company shall undertake on-going due diligence of customers to ensure that their transactions are consistent with their knowledge about the customers, customers’ business and risk profile; and the source of funds.

Monitoring of Transactions:

The extent of monitoring shall be aligned with the risk category of the customer
High risk accounts have to be subjected to more intensified monitoring.
Periodic review of risk categorisation of accounts shall be done in once in every year by the company

Secrecy Obligations and Sharing of Information:

Company shall maintain secrecy regarding the customer information which arises out of the contractual relationship with the customer;
Information collected from customers for the purpose of opening of account/proving loan shall be treated as confidential and details thereof shall not be divulged for the purpose of cross selling, or for any other purpose without the express permission of the customer.

Periodic Updation of KYC documents as per RBI Guidelines:

According to the Reserve Bank of India’s (RBI’s) guidelines on KYC (Know Your Customer) norms, NBFCs are required to periodically update identification data of their customers, including the customer’s photograph, proof of identity and proof of address. Updating KYC details regularly also ensures the security of your accounts to keep your loan account compliant with RBI’s KYC guidelines. It is necessary for each customer to update the NBFC about his/her latest communication details and the updation shall be carried out on the basis of risk assessment approach for different kind of customers such as for:

For highrisk customers: once in every two years

For medium risk customers: once in every eight years

For low-risk customers: once in every ten years

In case of there is no change in KYC in case of individual or non-individual then the customer need to submit a self-declaration certificate declaring that there is no change in the KYC through their registered mail id or phone number connected with the Aadhar number.

In case of any change in KYC then the process shall undertake equivalent to the on boarding of new customer or at the discretion of senior management level and the changes should be recorded within 30 days from the date of intimation.

CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR):

CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR) Company shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as required by the KYC templates prepared for individuals, Legal Entities or any other as prescribed as the case may be.

Period for presenting payment instruments:

Payment of cheques/drafts/pay orders/banker’s cheques, if they are presented beyond the period of three months from the date of such instruments, shall not be made.

Unique Customer Identification Code (UCIC):

A Unique Customer Identification Code (UCIC) shall be allotted while entering into new relationships with individual customers as also the existing customers by the company;
The company shall, at their option, not issue UCIC to all walk-in/occasional customers such as buyers of pre-paid instruments/purchasers of third-party products provided it is ensured that there is adequate mechanism to identify such walk-in customers who have frequent transactions with them and ensure that they are allotted UCIC.

Quoting of PAN

Permanent account number (PAN) or equivalent e-document thereof of customers shall be obtained and verified while undertaking transactions as per the provisions of Income Tax Rule 114B applicable to company, as amended from time to time. Form 60 shall be obtained from persons who do not have PAN or equivalent e-document thereof.

Employee training

On-going employee training programme shall be put in place so that the members of staff are adequately trained in AML/KYC policy. The focus of the training shall be different for frontline staff, compliance staff and staff dealing with new customers. The front desk staff shall be specially trained to handle issues arising from lack of customer education. Proper staffing of the audit function with persons adequately trained and well versed in AML/KYC policies of the Company, regulation and related issues shall be ensured.

RECORD MANAGEMENT:

The following steps shall be taken regarding maintenance, preservation and reporting of customer account information, with reference to provisions of PML Act and Rules. Company shall:

The company shall maintain all necessary records of transactions between the company and the customer, both domestic and international, for at least five years from the date of transaction;

The company shall preserve the records pertaining to the identification of the customers and their addresses obtained while opening the account and during the course of business relationship, for at least five years after the business relationship is ended;

The company shall make available the identification records and transaction data to the competent authorities upon request;

The company shall maintain all necessary information in respect of transactions prescribed under PML to permit reconstruction of individual transaction, including the following:

the nature of the transactions;
the amount of the transaction and the currency in which it was denominated;
the date on which the transaction was conducted; and
the parties to the transaction.
evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities;
Maintain records of the identity and address of their customer, and records in respect of transactions referred to in Rule 3 in hard or soft format.

Points to be noted:

The company shall ensure to redact or blackout the Aadhaar number while sharing the information with any third party due to regulatory requirements
The company shall capture a clear image of PAN card to be displayed by the customer during the process, except in cases where e-PAN is provided by the customer. The PAN details shall be verified from the database of the issuing authority including through DigiLocker.
If the address of the customer is different from that indicated in the OVD, suitable records of the current address shall be taken or allow to submit the address proof within 2 months from the opening of account with the company.
The authorised official of the RE shall ensure that photograph of the customer in the Aadhaar/OVD and PAN/e-PAN matches with the customer.

Money Laundering and Terrorist Financing Risk Assessment:

The company shall carry out ‘Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment’ exercise periodically to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions or delivery channels, etc. The assessment process should consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied. While preparing the internal risk assessment, company shall take cognizance of the overall sector-specific vulnerabilities, if any, that the regulator/supervisor may share with the company from time to time;

The risk assessment by the company shall be properly documented and be proportionate to the nature, size, geographical presence, complexity of activities/structure, etc. of the company. Further, the periodicity of risk assessment exercise shall be determined by the Board of the company, in alignment with the outcome of the risk assessment exercise.

The outcome of the exercise shall be put up to the Board or any committee of the Board to which power in this regard has been delegated, and should be available to competent authorities and self-regulating bodies.
The company shall apply a Risk Based Approach (RBA) for mitigation and management of the identified risk and should have Board approved policies, controls and procedures in this regard. Further, the company shall monitor the implementation of the controls and enhance them if necessary.

Reporting Requirements to Financial Intelligence UNIT – INDIA:

The company will submit the report to the financial intelligence Unit- India (FIU-IND) version 2 about the prescribed transaction as below mentioned within the time period as prescribed in the standard format.

The nature of transactions that’s need to be reported with the ministry as follows:

All cash transactions of the value of more than ten lakh rupees or its equivalent in foreign currency
All series of cash transactions integrally connected to each other which have been individually valued below rupees ten lakh or its equivalent in foreign currency where such series of transactions have taken place within a month and the monthly aggregate exceeds an amount of ten lakh rupees or its equivalent in foreign currency
All transactions involving receipts by non-profit organizations of value more than rupees ten lakh, or its equivalent in foreign currency
All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine or where any forgery of a valuable security or a document has taken place facilitating the transactions
All suspicious transactions whether or not made in cash
All cross-border wire transfers of the value of more than five lakh rupees or its equivalent in foreign currency where either the origin or destination of fund is in India.
All purchase and sale by any person of immovable property valued at fifty lakh rupees or more that is registered by the reporting entity, as the case may be.

ANNEXURE — I

Customer Identification Procedure Features to be verified and documents that shall be obtained from customers.

KYC CHECKLIST

Documents	ID Proof	Residential Address Proof	Age Proof	Business Address Proof	Business Existence and Stability





Driving license	√	√	√
Election ID card	√	√
PAN Card	√		√		√
Unique ID	√	√	√
Passport	√	√	√
Aadhaar Card	√	√	√
Udhyam Registration Certificate				√	√
Birth Certificate			√
Utility Bills like Electricity Bill, telephone Bill, Mobile bill (not more than 3 months old)		√		√	√
Copy of registered lease/leave and license agreement which is not expired along with the utility bill in the name of the landlord / owner confirming address		√		√	√



Residential Certificate issued by Municipal Corporation /local self-government bodies confirming address		√


Life Insurance Policy or Latest Premium receipt of general / life insurance company (not more than 12 months old in case of annual premium		√	√	√


True Copy of Gas connection book		√
Certificate issued by Ward Officer		√
True Copy of Gas connection book maintaining election roll certifying address of the applicant		√
Employee ID (only for PSU/Govt. employees)			√
School leaving certificate			√
SSC/HSC Admit card or Mark sheet*			√
School/college passing certificate			√
Domicile certificate			√
Shop Act and Establishment Certificate				√	√
Service Tax Certificate				√	√
GST registration certificate					√
Partnership deed				√	√
Certificate of Incorporation				√
MOA/ AOA/ Form 32				√	√
Current Account					√
Complete ITR					√
Any other license from relevant authority					√
Latest (not more than 6 months old) statement of account / passbook maintained with any scheduled commercial bank, duly certified by the bank confirming the address				√
Certificate issued by Municipal corporation / local self-government bodies confirming address				√
Latest available Income Tax/ Wealth Tax Assessment order confirming address				√
Sales Tax registration certificate confirming Address				√
Factory registration certificate confirming address				√
Import export certificate issued by DGFT				√	√
Passport size photograph
Bank verification of the person in whose bank the amount of loan will be disbursed and from which account the repayment will be made.

_______________*End of Document*____________