Know Your Customer (KYC), Anti Money Laundering (AML) and Combating Financing of Terrorism Policy [KYC/AML/CFT Policy]
1. Introduction
Pioro Ecom Private Limited (hereinafter referred to as ‘Cryptomunim’, or ‘the Company’) offers which provides services of online investment in Crypto by way of placing sale and/or purchase orders of Users in accordance with PMLA Guidelines on Virtual Digital Assets (“VDA”), March 10, 2023 (“The Guidelines”).
The Guidelines shall be called AML & CFT Guidelines for Reporting Entities Providing Services Related o Virtual Digital Assets (hereinafter called “The Guidelines”) and aim to provide a summary of the provisions of the applicable anti-money laundering, counter-terrorism financing and proliferation financing legislations in India, and implications for the providers of services related to Virtual Digital Assets hereinafter referred to as Service Providers (SPs) and their role in applying Anti-Money Laundering, Countering the Financing of Terrorism and Combating Proliferation Financing (AML/CFT/CPF) obligations. In accordance with the given context, the Company has created a KYC/AML/CFT Policy (‘the Policy’).
In this context, the key regulations, and laws applicable to the Company are:
- Prevention of Money Laundering Act, 2002 and its amendments;
- Prevention of Money Laundering Rules, 2005 and its amendments; and
- AML & CFT Guidelines for Reporting Entities Providing Services Related to Virtual Digital Assets.
By virtue of the Policy, the Company intends to establish a robust and strong KYC/AML/CFT framework that will be adhered to while interacting with the relevant stakeholders.
The Board of Directors (‘the Board’) has the ultimate responsibility for adoption and implementation of KYC/AML/CFT framework.
2. Objective
The Company intends to be a good faith organization and believes in offering the best experience to the Customer. The Policy will be applicable to all employees, Customer, third-party agents/ vendors of the Company. The objective of the Policy are as follows:
- To comply with The Guidelines and other applicable laws (as listed above).
- To adopt a secure and robust process to onboard Customer on the platform;
- To provide all onboarding related information to the Customer in a transparent manner;
- To prevent the Company from being used, intentionally or unintentionally, by criminal person or entities for money laundering or terrorist financing activities;
- Have a system in place for preventing any money laundering financial transaction, terrorism financing and/or any other criminal activities through the Company’s platform;
- Document requirements under the PMLA and relevant guidelines and also to identify, monitor, report any relevant transaction to appropriate authorities; and
- The Policy seeks to i) establish a framework for Customer acceptance, Customer identification and onboarding as per applicable laws, ii) put in place a risk management framework, transaction monitoring and overall due diligence, iii) monitor, investigate and report transactions of suspicious nature to the relevant authorities, iv) assist regulatory and other relevant authorities in investigating suspicious transactions.
3. Definitions
- “Applicable Law” shall mean any applicable statute, law, regulation, ordinance, rule, judgment, order, decree, by-law, approval from the concerned authority, government resolution, order, directive, guideline, policy, requirement, or other governmental restriction in force in India, including without limitation the Prevention of Money Laundering Act 2002 (“PMLA”), the Prevention of Money Laundering (Maintenance of Records) Rules 2005 (“PML Rules”), The Guidelines and various applicable guidelines, rules and regulations of the Computer Emergency Response Team, India, and the Reserve Bank of India or its constituents/payment system providers as applicable, replaced and updated from time to time.
- “Customer” means a person/ entity using/accessing the platform, for investment in Cryptos.
- “Crypto(s)” are virtual digital assets and refer to a cryptographically secured digital representation of value or contractual rights that uses distributed ledger technology and can be transferred, stored, or traded electronically using the platform, including but not limited to bitcoin (BTC) and Ether (ETH).
- “Customer Due Diligence” means identifying and verifying the Customer.
- “Designated Director” means a person designated by the Company to ensure overall compliance with obligations imposed under Chapter IV of the Prevention of Money Laundering Act, 2002 and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 and will include the Managing Director or a whole-time Director, duly authorized by the Board of Directors.
- “KYC Document/ information” means documents mentioned in Annexure I, including Proof of Identity, Proof of Address, and other such information obtained by the Company for the purpose of onboarding the Customer.
- “Officially Valid Document/OVD” means the passport, the driving license, proof of possession of an Aadhaar Number, or the voter’s identity card issued by the Election Commission of India for the purpose of this definition, ‘Aadhaar Number’ means an identification number as defined under the Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016.
- “Politically Exposed Persons” (PEPs) are individuals who are or have been entrusted with prominent public functions in a foreign country
- “Principal Officer” means an officer nominated by the Company, responsible for furnishing information as per rule 8 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005.
- “Suspicious transaction” means a ‘transaction’, including an attempted transaction, whether or not made in cash, which, to a person acting in good faith:
- Gives rise to reasonable ground of suspicion that it may involve proceeds of an offence in the Schedule to the Prevention of Money Laundering Act, 2002, regardless of the value involved; or
- Appears to be made in circumstances of unusual or unjustified complexity; or
- Appears to not have economics rationale or bona-fide purpose; or
- Gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.
4. Scope of the Policy
The Policy is applicable to all functions of the Company dealing with Customer, third-party agents/vendors, and other relevant stakeholders.
5. Key Elements
5.1 Customer Acceptance Policy
The Company will implement a framework to ensure that it does not onboard Customer who engage in unethical, illegal, or which deemed unacceptable as per the risk categorization of the Company. The Company will ensure that it adheres to all the applicable regulations before onboarding Customer on the platform. The Company will implement the following process while accepting the Customer:
- No Customer will be accepted in an anonymous / benami name
- No Customer will be accepted if the Company is unable to identify and verify the Customer either due to their non-cooperation or non-reliability of the documents furnished by them
- No Customer will not be allowed to transact on the platform without Customer due diligence process is complete
- The Customer will be informed about the KYC documentation and information required by the Company, and Customer will be informed about the periodic due diligence
- Identity of the Customer will be checked to ensure that no Customer is onboarded with a criminal background. It will be ensured that the Customer is not associated with any person or entity listed in sanctions list.
- The Company will ensure not to onboard Customer who is associated with the following business/activities:
- Terrorism or terrorist financing or organized crime
- Illicit activities including but not limited to
- Trafficking in narcotics and drug paraphernalia
- Trafficking in weapons, goods, and merchandise
- Use in animals of hormonal substances or trade in such substances
- Animal wildlife trafficking, trafficking in human beings, human organs, tissues and other human body parts
- Piracy
- Being involved in illegal labor
- Child pornography, rape
- Exploitation of prostitution
- Fraud detrimental to the financial interest of India
- Embezzlement by public officials and corruption
- Environmental crime
- Counterfeiting currency or bank notes
- Counterfeiting products and infringement of intellectual property rights
- Provision of investment, fund transfer, or any other financial services without authorization
5.2 Customer Identification Procedure
Customer identification process is the process of identifying the Customer based on documents and information collected from Customer. The details of documents required for Customer identification are mentioned in Annexure I in the Policy. The identification process will be carried out by the Company under the following circumstances:
- At the time of initiation of the account-based relationship with the Customer
- When there is uncertainty around the authenticity of the documents and information provided by the Customer
- When there is a suspicion about money laundering and terrorist financing related activities for an existing Customer of the Company
For the purpose of verifying the identity of the Customer, the following conditions will be adhered to before entering into an account-based relationship:
- Record or information of the Customer due diligence carried out by third party to be obtained by the Company within two days from the third party
- The Company adopts sufficient measures to ensure that all relevant Customer due diligence information is obtained from the third party upon request without any delay
- The third party is regulated, supervised, or monitored for, and has measures in place for compliance with Customer due diligence and record-keeping requirements in line with the requirements and obligations under the Prevention of Money Laundering Act, 2002 (PMLA)
- The third party will not be based in a country or jurisdiction assessed as high risk
- The ultimate responsibility of Customer due diligence and undertaking enhanced due diligence lies with the Company.
5.3 Customer Due Diligence
While onboarding a Customer, the Company will ensure that the decision-making function of determining compliance with regard to the KYC will not be outsourced. The Company will be responsible to take the final decision on onboarding Customers on its platform based on the materiality and risk categorization of the Customer based on information provided by them.
- Key checks to be undertaken for conducting Customer due diligence:
- Check Customer details against the UN Sanctions List and other internal negative list maintained by the Company
- If a PEP Customer is to be onboarded on the platform, the same needs to be approved by the Designated Director
- Check to determine the Ultimate Beneficial Owner (UBO)
- Obtaining sufficient information about the User to identify who is the actual beneficial owner of the crypto assets or on whose behalf a transaction is conducted
- Any other check and may be required by The Guidelines or any other government authority
- The Company will conduct due diligence for both standard onboarding and ongoing due diligence:
- Customers will be onboarded considering the above-mentioned due diligence criteria
- The Company will also undertake ongoing due diligence of the existing Customers to ensure that the transactions performed by the Customer are in line with the details of the Customer and as per the risk profile documented in the system
- Periodic Updation of the Customers will be done in accordance with the risk profile of the Customer i.e., once every two years for high-risk Customers, once every eight years for medium risk Customers and once every ten years for low-risk Customers
- In case a Company feels that there is a higher risk to onboard a Customer, the Company will have enhanced due diligence to assess the Customer by obtaining additional information
- For PEP Customers, the Company will obtain additional information in terms of the source of funds and other relevant information and will get the case approved by the Designated Director before onboarding them on the platform
5.4 Risk Profiling
The risk profiling of the Customer will be conducted based on the information and documents collated from the Customer. The Company will implement a framework for risk-based classification based on their business information, social financial status, background, jurisdiction/location, etc. The Company will categorize Customers into High, Medium, and Low risk based on the following parameters:
- Customer’s background
- Place of residence
- Nature of business/service
- Any other relevant information
The risk assessment will consider all the relevant factors before determining the risk category of the Customer. In addition to this based on the identified risk category, the Company will also ensure to adopt appropriate risk mitigation measures. The risk assessment framework will be documented and reviewed regularly, and it will be made available to authorities as and when required.
The Company will not onboard Customers who are associated with the following activities:
- Customers who are believed to be associated with money laundering or terrorist financing
- Customers who have association with high-risk countries
- Customers associated with the gambling business
- Customers which are PEP or associated with PEP having association in high-risk countries
High Risk Customers need careful evaluation and due to the risky nature of their business which could cause financial or reputation loss or any other compliance issue to the Company. Company would be evaluating the following high-risk business/service association of the Customer and will adopt enhanced due diligence for such Customers:
- Multi-level-marketing scheme
- Prescription drugs, herbal drugs, online pharmacy, etc.
- Gaming
- Forex – buying, selling, trading
- Job services
- Perishable goods
- Matrimony services
- Real estate buying/selling
- Crowd funding
- Website hosting
5.5 Transaction Monitoring
The Company will ensure that there are checks in place for monitoring transactions. The process of monitoring will be in line with the risk categorization of the Customers. The Company will implement a process to monitor all transactions and will keep on reviewing the rules to improvise on the result based on the output of rules.
5.6 Key Appointments
The PMLA and PML Rules require the regulated entities to appoint two key personnel in order to ensure overall compliance specified in the applicable regulations. The Company will appoint the following key individuals:
- Designated Director
The Company will nominate a person as the Designated Director to ensure overall compliance with regard to PMLA and PML Rules. The Designated Director will be nominated by the Board and will be responsible for various functions listed in this Policy. The individual will also manage reporting and liaise with the relevant regulatory authorities.
- Principal Officer
The Company will appoint Principal Officer, other than the person appointed as Designated Director, who will be a senior management officer. Principal Officer is responsible for ensuring implementation of the transaction monitoring provisions of the Policy and will make reporting to the Financial Intelligence Unit – India (FIU-IND).
5.7 Reporting
In accordance with the requirements of PMLA and PML Rules, the following information will be reported to the FIU-IND:
- Suspicious Transaction Report – All transactions that have been identified as suspicious in nature post-investigation will be reported to the FIU-IND no later than seven working days on being satisfied that the transaction is suspicious
The Company will implement a comprehensive transaction monitoring system and a team of experts to monitor, investigate, and report suspicious transactions to the relevant authorities.
5.8 Internal Compliance Audit
The Company’s Internal Audit and Compliance functions will evaluate and ensure adherence to the KYC policies and procedures. As a general rule, the compliance function will provide an independent evaluation of the Company’s policies and procedures, including legal and regulatory requirements. The Management under the supervision of the Board shall ensure that the audit function is staffed adequately with skilled individuals. The compliance in this regard shall be put up before the Board or any Committee of the Board along with their normal reporting frequency. Further, the Company shall have an adequate screening mechanism in place as an integral part of their recruitment/hiring process of personnel so as to ensure that a person of criminal nature/background does not get access, to misuse the financial channel. Compliance audit will be implemented annually or as prescribed by applicable regulations.
5.9 Record Keeping
For the purpose of maintenance, prevention, and reporting of Merchant KYC information and document, the Company will undertake the following activities:
- Maintain all required records of transactions between Customer and the Company for at least five years from the date of the transaction.
- Preserve the records pertaining to the identification of the Customer obtained while onboarding the Customer and during the process of enhanced due diligence and ongoing due diligence
- The records to be shared with the relevant authorities upon request
- Develop a system to store and preserve the data in a manner such that it is safe and secure and can be retrieved easily when required
6. Other Compliances
6.1 Training
The Company will implement an adequate screening mechanism to hire employees/vendors, etc.
Ongoing employee training programs will be conducted for employees working on AML/KYC transactions and the onboarding team responsible for collecting information and documents from the Customer. In addition to this, training will also be given to frontline staff (Sales and Marketing) and the operations team. The training program for the Sales and Marketing team will capture information to handle issues arising from the lack of Customer education, etc. The audit team will monitor activities right from training to onboarding to understand that the Company is complying with all regulations.
The frequency of the training will be annual, and ad-hoc training will be provided in case there is any change in regulation or advice from the authorities. In addition to this, training will be provided to all new employees who join the firm and have an association with any of the relevant functions within thirty days of their joining.
6.2 Confidentiality of Information
The Company will ensure that it keeps the secrecy and confidentiality of Customer’s information and makes any disclosure of such information only to the relevant authorities upon request or as required by the regulations. The information collected from the Customer will be retained with the Company for that specific purpose for which it has been collected, and the Company will not misuse the collected information in any manner.
7. Review of Policy
The Policy will be reviewed at least annually or when significant regulatory changes occur to ensure its continuing suitability, adequacy, and effectiveness by the Board. Any changes and updates to the Policy shall be approved by the Board.
Annexure I
Due Diligence Documents
Category of Customer | Due-Diligence Documents Required |
---|---|
Individual Customers | a) Individual Customers have to mandatorily submit the Permanent Account Number (“PAN”) and Aadhar Card. This would also apply to individuals who are beneficial owners, authorized signatory or power of attorney holders related to any legal entity. |
Sole Proprietary Firm | Any two of the following documents or the equivalent e-documents thereof as proof of business/activity in the name of the proprietary firm shall also be obtained:
|
Company | For opening an account of a company, certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained:
|
Partnership Firm | For opening an account of a partnership firm, the certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained:
|
Trusts | For opening an account of a trust, certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained:
|
Unincorporated association or a body of individuals | For opening an account of an unincorporated association or a body of individuals, certified copies of each of the following documents or the equivalent e-documents thereof shall be obtained:
|