KYC & AML Policy

The objective of this policy framework is to:

RBI has issued relevant directions on Know Your Customer (KYC) time to time in the context of the Recommendations made by the FATF on AML standards. Financial Intelligence Unit – India has also issued guidance for NBFCs on effective processes for detecting and reporting suspicious transactions. The Company shall, therefore, adopt the same with suitable modifications depending upon the activity undertaken by the Company and ensure that a proper policy framework on KYC and AML measures is formulated and put in place with the approval of the Board of Directors of the Company.

The provisions contained in this Policy in respect of KYC Compliance and procedures shall apply to the Company except in so far as the same are inconsistent with any statutory modification thereof, including any applicable judicial pronouncement(s). In case of any contradiction, the statutory modified provisions and/or the applicable judicial pronouncement shall prevail.

The Policy takes into account regulatory documents published by regulatory bodies, as and when become applicable (hereinafter collectively referred as 'Applicable Laws'), in particular:

The Policy represents an integral part of the overall risk management of the Company. Further, the process documents/ standard operating procedures on following matters shall form part of the Policy:

The meaning of capitalised terms and abbreviations used in this Policy is set out below. The words and abbreviations used in this Policy shall have the same meaning as defined in KYC Norms issued by RBI, as amended from time to time, unless the same has been defined explicitly in this Policy.

'Audit Committee' means the committee of directors constituted, or to be constituted, by the Board to discharge the roles & responsibilities specified under the provisions of Section 177 of the Companies Act, 2013 read with para 3 of Corporate Governance (Reserve Bank) Directions, 2015 issued by Reserve Bank of India.

'AML' means Anti-Money Laundering.

'Board' means the Board of Directors of the Company constituted under the provisions of the Companies Act, 2013.

'Beneficial Ownership/ Owner' means the natural person(s), who, whether acting alone or together or through one or more juridical persons, has/ have:

'Cash Transactions' mean and include:

'CEO' means the Chief Executive Officer of the Company.

'CFT' means Combating of Financing of Terrorism.

'Customer' may be defined as: (a) a person or entity who is engaged in a financial transaction or activity with the Company; (b) a person on whose behalf the person who is engaged in the transaction or activity is acting (i.e. the beneficial owner).

'Customer Identification' means identifying the customer and verifying his/ her identity by using reliable, independent source documents, data or information.

'CERSAI' means Central Registry of Securitisation Asset Reconstruction and Security Interest of India.

'CKYCR' means Central KYC Registry set up by the Government of India to receive, store, safeguard and retrieve the KYC records in the digital form of a client and to act as a centralized repository of KYC records of customers in the financial sector and inter-usability of the KYC records across the sector.

'Compliance Department' means the Compliance Department of the Company.

'Digital Lending Platforms/ Channels' means loans disbursed through digital lending platforms/ channels imply loans taken through signing on digital lending app/ web platform, whether or not assisted by the Company representative.

'FATF' means Financial Action Task Force.

'FIU-IND' means Financial Intelligence Unit – India.

'High Net Worth' means a net worth of INR 50 million or more.

'Identity' generally means a set of attributes which together uniquely identify a natural or legal person. Following attributes, combination thereof, should be considered for satisfying with the identity of the individual Customer: (a) Name; (b) Photograph; (c) Date of Birth; (d) Father’s/ Mother’s/ Spouse’s name; (e) Residential address.

'KYC' means Know Your Customer.

'NBFC' means Non-Banking Financial Company.

'NSDL' means National Securities Depository Limited.

'Offence of Money Laundering' is defined as: 'whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with proceeds of crime including its concealment, possession, acquisition or use and projecting or claiming it as untainted property shall be guilty of offence of money laundering.' Money Laundering is moving illegally acquired money through financial systems so that it appears to be legally acquired. There are three common stages of money laundering – (a) Placement – the physical disposal of cash proceeds derived from illegal activity; (b) Layering – separating illicit proceeds from their source by creating complex layers of financial transactions designed to disguise the source of money, subvert the audit trail and create anonymity; and (c) Integration – creating the impression of apparent legitimacy to criminally derived wealth.

'Officer at the Management Level', for the purpose of this Policy, means and includes the employee of the Company upto two levels below Chief Executive Officer of the Company (CEO-2).

'PEP' or 'Politically Exposed Persons' means individuals who are or have been entrusted with prominent public functions by a foreign country, including the Heads of States/ Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials, and declares such status to the Company while availing loan from the Company.

'RBI' means Reserve Bank of India.

'Residential Address' means the address at which a person usually resides and can be taken as the address as mentioned in documents accepted by the Company for verification of the address of the Customer.

'Senior Management', for the purpose of this Policy, means and includes Chief Executive Officer and the function heads of the Company.

'Screening List' means the list, maintained by the Company for screening of the Customers and shall include lists prescribed by RBI, FIU-IND or any other concerned authorities time to time or the list internally maintained by the Company basis which the Company shall identify Unacceptable High Risk customers as per this Policy and take appropriate action.

'STR' means Suspicious Transaction Report.

'Sanctions' or 'Sanction List' means the lists of individuals and entities that any one or more of E.U., U.S., U.N. or Interpol, Economic Offence Wing and/ or Ministry of Home Affairs, as available to the Company from time to time, or any other local authority, including RBI, has listed as the target or subject of Sanctions, including checks based on specific geographies, government and restricted activities (prescribed by Company). The updated list of terrorist organisations, namely, ISIL (Da’esh) & Al-Qaida Sanctions List and 1988 Sanctions List can be accessed at the United Nations website.

'Suspicious transaction' means a transaction, including an attempted transaction whether or not made in cash, which, to a person acting in good faith: (a) gives rise to a reasonable ground of suspicion that it may involve proceeds of an offence specified in the Schedule to the Act, regardless of the value involved; or (b) appears to be made in circumstances of unusual or unjustified complexity; or (c) appears to have no economic rationale or bonafide purpose; or (d) gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism. Explanation: Transaction involving financing of activities relating to terrorism includes transaction involving funds suspected to be linked or related to, or to be used for terrorism, terrorist acts or by a terrorist, terrorist organisation or those who finance or are attempting to finance terrorism.

'Terrorist financing' is, in general, the processing of legally or illegally sourced funds or other financial assets to sponsor or facilitate terrorist activity (hereinafter the 'Terrorist Financing/ TF/ CTF').

'UCIC' means Unique Customer Identification Code.

'UIDAI' means Unique Identification Authority of India.

Unless defined herein, all other expressions shall have the same meaning as has been assigned to them under the Reserve Bank of India (Non-Banking Financial Companies – Know Your Customer) Directions, 2025, Banking Regulation Act, 1949, the Reserve Bank of India Act, 1935, the Prevention of Money Laundering Act, 2002, the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and regulations made thereunder, any statutory modification or re-enactment thereto or as used in commercial parlance, as the case may be.

The Board shall appoint a 'Designated Director' to ensure overall compliance with the obligations imposed under Chapter IV of the PML Act and the Rules. The name, designation, contact details and address of the Designated Director shall be communicated to the Reserve Bank of India and FIU-IND. In no case, the Principal Officer shall be nominated as the 'Designated Director'.

In accordance with the specific terms and conditions applicable to the Company, as outlined by the RBI in its letter dated July 10, 2018, regarding grant of registration as NBFC, the Company shall within one month of starting its commercial business, communicate the name, designation and address of the Principal Officer and Designated Director to the Financial Intelligence Unit-India (FIU-IND) and shall intimate the same to the Regional Office of RBI under whose jurisdiction the registered office of the Company is located, not later than one month of such appointment. The 'Designated Director' means a person designated by the company to ensure overall compliance with the obligations imposed under Chapter IV of the PML Act and the Rules. NBFCs can also designate a person who holds the position of senior management or equivalent as 'Designated Director'.

The Board shall appoint a senior officer at the management level as Principal Officer. The name, designation, address and contact details of the Principal Officer shall be communicated to the Reserve Bank of India and FIU-IND. Principal Officer shall be responsible for:

The Company should develop & implement a clear process for acceptance of a person or entity as a ‘Customer’. The Company shall ensure that:

The Company must ensure that no loan shall be provided in, or business relationship shall be entered with, anonymous or fictitious/ benami name(s). The processes of the Company must ensure that such transactions are rejected at the application stage only.

The Company shall maintain a Screening List of persons as available in public domain and/ or accessible to the Company. The Company should ensure duplication check during the stage of acceptance of the customer and/ or during regular reviews of the portfolio, including of relationships which may involve accepting assets that are known or suspected to be proceeds of criminal activities or to be used for or in connection with terrorist activities.

The Company shall not grant a loan to any person who fails to abide by the extant KYC Norms prescribed by RBI. Before granting loans or entering into any business relationship, the Company must ensure that the customer is verified and identified and the data/ information furnished to the Company is reliable. However, the Company should ensure that no harassment shall be caused to the customer.

Where the Company is unable to apply appropriate KYC measures due to non-furnishing of information and/or non-cooperation by the customer, the Company should close the loan account or terminate the business relationship after issuing due notice to the customer explaining the reasons for taking such a decision. The Company should prescribe a detailed process to identify such cases, verifying if the customer has a genuine issue in non-complying with KYC measures of the Company or if the customer is involved in any fraudulent, money laundering, financing of terrorist activities, obtaining requisite information required for decision-making purposes and closing the account of the customer if so decided.

The Company shall consider filing a Suspicious Transaction Report (STR), if necessary, where the Company forms a suspicion of money laundering or terrorist financing, or it is unable to comply with the relevant customer due diligence measures in relation to the customer or where the Company reasonably believes that performing the due diligence process will tip-off the customer.

Where the Company forms a suspicion of money laundering or terrorist financing, and it reasonably believes that performing the CDD process will tip off the customer, it shall not pursue the CDD process and instead file an STR with FIU-IND.

The Company shall put in place adequate systems, processes and controls to ensure that no loan is sanctioned/ approved if applied by/ through an intermediary or on behalf of another person/ entity.

The Company shall put in place adequate systems, processes and controls to ensure that no loan is sanctioned/ approved if applied by two or more borrowers jointly.

The Company shall inform the customers in advance about the mandatory information required for KYC purposes along with loan application as well as during the periodic updation. Where the Company needs additional information, such information should be obtained with the explicit consent of the customer. The Company shall apply the customer due diligence procedure at the UCIC level. The Company shall ensure that introduction is not to be sought while opening loan accounts.

Permanent Account Number (PAN) obtained from the customer shall be verified from the verification facility of the issuing authority or an equivalent e-document is obtained from the customer, the Company shall verify the digital signature as per the provisions of the Information Technology Act, 2000.

The Company shall not deny any financial facility to persons who are financially or socially disadvantaged, including the Persons with Disabilities (PwDs) solely on the ground of such disadvantage. The Company shall not reject an application for onboarding or periodic updation of KYC without application of mind. The officer concerned shall duly record the reason(s) for rejection.

The Company shall ensure that no account is opened for money mules and the instructions on opening of accounts and monitoring of transactions shall be strictly adhered to, in order to minimise the operations of 'Money Mules' which are used to launder the proceeds of fraud schemes (e.g., phishing and identity theft) by criminals who gain illegal access to accounts by recruiting third parties which act as 'money mules.' The Company shall undertake diligence measures and meticulous monitoring to identify accounts which are operated as money mules and take appropriate action, including reporting of suspicious transactions to FIU-IND.

For the purpose of complying with the Policy, the customers should be categorised into low, medium, high and unacceptable high risk based upon the risk parameters for which adequate information/ data must be collected at the application stage i.e. type of loan product offered, purpose of availing loan, customer’s identity, location of customer, source of funds to estimate the social/ financial status, nature of business activity, customer’s past/ existing relationship with the Company and delivery channel used for application/ grant of loan.

However, while preparing a customer profile, the Company should take care to specify and seek only such information from the customer which is either relevant to the risk category or required by law and is not intrusive. The documents and/ or information should be collected from the customer keeping in mind the perceived risk associated with such customer and regulatory requirements applicable from time to time. Based on the information/ data provided by the customer and due verification of such information/ data the decision shall be taken accordingly on the loan application of such customer. Least manual intervention should be ensured in such decision-making process and the help of information technology should be taken to the extent possible. While considering customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in.

Based on the aforesaid risk parameters, the customers shall be categorised into below stated risk categories (refer Annexure 1 for detail):

The risk rating model of the Company shall be based on the weighted risk computation wherein each parameter is assigned a 'risk score' and a 'weight' is attached to the parameter depending upon its criticality to the overall risk. The output score is compared to a final scale. While assigning risk score and weight to various parameters, critical and more accurate parameters shall be given their due weightage from AML risk perspective for the purpose of risk scoring the customer. The Company may, from time to time, revisit the weights and parameters based on regulations, market behaviour and industry practices.

The Company shall keep the risk categorisation of a customer and the specific reasons for such categorisation confidential and shall not reveal this information to the customer to avoid tipping off.

The Company should obtain sufficient information necessary to establish, to their satisfaction, the identity of each new Customer and the purpose of the intended nature of the relationship. Any additional information about the Customer, if needed, shall be obtained with the consent of the Customer.

The Company must set up adequate procedures to identify customers in the following cases (as applicable) in the normal course of transaction with the customer:

The Company shall ensure that introduction is not to be sought while opening accounts.

In order to avoid multiple identities within the Company, the Company shall allot a unique identification code for each customer while entering into new relationships with individual customers as also the existing individual customers. UCIC will help the Company to identify customers, track the facilities availed, monitor financial transactions in a holistic manner and enable the Company to have a better approach to risk profiling of customers. Thus, if an existing KYC-compliant customer of the Company desires to open another account or avail of any other product or service from the Company, there shall be no need for a fresh CDD exercise as far as identification of the customer is concerned.

The Company shall apply the following procedures while establishing any relationship with any customer.

The Company shall apply the following procedure while establishing any relationship with an individual Customer:

The Company shall include following procedure for enhanced due diligence of Medium Risk customers:

The Company shall include the following procedure for enhanced due diligence of Acceptable High Risk customers:

Basis the loan amount and tenure opted by the customer, the Company may provide V-CIP as the first option to the customer for remote onboarding. Further, the customers onboarded in non-face to face mode shall be categorized as high-risk customers until the identity of the customer is verified in face-to-face manner or through V-CIP.

The Company grants loans only to individuals. However, the Company has financial relationship with entities as well viz. companies, partnership firms, proprietorship firms, or any other entity. For entering into any such relationship, certified copies of the following documents or equivalent e-documents shall be obtained:

Further, the CDD procedure, as applicable in the case of individual Customers shall mutatis mutandis apply to the authorised employees of the entity as per Annexure 2. In case of entities, the Beneficial Ownership of such entity needs to be determined. Provided that, where the customer or the owner of the controlling interest is (i) an entity listed on a stock exchange in India, or (ii) an entity resident in jurisdictions notified by the Central Government and listed on stock exchanges in such jurisdictions, or (iii) a subsidiary of such listed entities, it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such entities. In cases of trust/ nominee or fiduciary accounts, whether the customer is acting on behalf of another person as trustee/ nominee or any other intermediary is determined; in such cases, satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also details of the nature of the trust or other arrangements in place shall be obtained.

Notwithstanding the list of documents as stated above, in case of change, if any, in the regulations as notified by RBI from time to time, the list of documents as prescribed by RBI shall prevail over the above.

The Company may have in place one or more of the processes to identify and verify the customers at the time of applying for a loan as enlisted below. Appropriate methods of verification of customer identity be adopted given the nature of the business process, the products and services provided and the associated risks.

The ultimate responsibility for customer due diligence and undertaking enhanced due diligence measures, as applicable, will be with the Company and shall never be outsourced. In this regard, the Company need to ensure that any deviations, if any, in the customer KYC is validated and verified as per applicable laws from time to time.

It is hereby clarified that the Customers onboarded through the digital lending platform and the identity of such Customers verified through any of the following due diligence processes shall be considered as ‘non face to face customers’ categorised under ‘Acceptable High Risk Customers’ until the identity of the customer is verified in face-to-face manner or through V-CIP:

In case there is no change in the customer information but the documents available with the Company are not as per the customer due diligence requirement as prescribed under this Policy, periodic updation shall be carried out by the Company equivalent to that applicable for on-boarding a new customer.

Further, in case the validity of the documents available with the Company has expired at the time of periodic updation, or application received for subsequent loan from the Customer, as the case may be, the periodic updation to be carried out by the Company shall be equivalent to due diligence followed for on-boarding a new customer.

NSDL verification of PAN details to be done for the concerned customer eligible of Re-KYC at the time of periodic updation.

The Company shall ensure that the enhanced due diligence measures in respect of Acceptable High Risk Customers as prescribed under this Policy are adhered to.

The Company shall ensure to provide acknowledgment to the customer mentioning the date of receipt of the relevant document(s), including self-declaration from the customer, for carrying out periodic updation with the date of having performed the updation.

Before granting another loan to the existing Customer, the Company shall seek the necessary information from the Customer to check if there is any change in information provided by the customer earlier. Such verification may happen even if the period of two/ eight/ ten years has not elapsed since the date of the first loan, or last verification, as the case may be.

The Company shall advise the customers that in order to comply with the Applicable Laws, in case of any update in the documents submitted by the customer at the time of establishment of business relationship/ account-based relationship and thereafter, as necessary, customers shall submit to the Company the update of such documents within 30 days of the update to the documents for the purpose of updating the records at the Company’s end. The Company shall provide adequate facility to the customers for such purpose.

The Company shall intimate its customers, in advance, to update their KYC. Prior to the due date of periodic updation of KYC, the Company shall give at least three advance intimations, including at least one intimation by letter, at appropriate intervals to its customers through available communication options/ channels for complying with the requirement of periodic updation of KYC.

Subsequent to the due date, the Company shall give at least three reminders, including at least one reminder by letter, at appropriate intervals, to such customers who have still not complied with the requirements, despite advance intimations.

The letter of intimation/ reminder may, inter alia, contain easy-to-understand instructions for updating KYC, escalation mechanism for seeking help, if required, and the consequences, if any, of failure to update their KYC in time. Issue of such advance intimation/ reminder shall be duly recorded in the Company’s system against each customer for audit trail.

The customer may request the update of the residential address by providing to the Company his/ her Aadhaar in electronic form digitally signed by the concerned authority in such manner as specified by the Company in compliance with Applicable Laws.

The Company shall have suitable process to change the registered mobile number of the customer in its records after due verification. In order to prevent frauds, alternate mobile numbers shall not be linked post CDD with such accounts for transaction OTP, transaction updates, etc. The Company shall permit transactions only from the mobile number used for account opening.

The Company shall undertake on-going due diligence of customers to ensure that the transactions with such customers are consistent with their knowledge about the customers, customers’ business, risk profile and the source of funds. For ongoing due diligence, the Company shall implement appropriate AML software and other suitable tools/ technologies to support effective monitoring.

The extent of monitoring shall be aligned with the risk category of the customer. A system of periodic review of risk categorisation of accounts, with such periodicity being at least once in six months, and the need for applying enhanced due diligence measures, if required, shall be put in place.

The Company shall ensure regular monitoring of the transactions of the customer with the Company. Such monitoring should cover:

With a view to ensuring that amounts are paid out of clearly identifiable sources of funds, the Company shall ensure that no cash of Rs.50,000/- and above is accepted from a Customer/ any other intermediary (auction cases) without obtaining a copy of the PAN card/ Form 60 of the Customer/ any other intermediary along with a valid identity proof and signature proof.

The extent of monitoring should depend on the risk sensitivity of the customer and should not result in undue harassment to the bona fide customers.

The Company shall usually adopt the risk-based approach to the KYC requirements. Consequently, there can be circumstances when it will be both necessary and permissible to apply commercial judgment while verifying the customer. The decision on the admissibility of the customer shall be taken on the result of verification, social/ financial status of the customer apart from the documents submitted by the customer.

Special attention should be paid to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. Background of such transactions, including all documents/ office records/ memorandums pertaining to such transactions, as far as possible, should be examined by the Principal Officer for recording his/ her findings.

The Company shall have effective monitoring procedures including systems to generate alerts in case of any suspicious transactions or violation of the Policy. The Company shall adopt a process defining roles and responsibilities of various functions/ departments in relation to monitoring of transactions and alert management requirements, including:

The Company shall ensure independent audit of the entire process of alert generation, monitoring and reporting of transaction is reviewed by internal auditors on a yearly basis (at least) to ensure that the process of monitoring and reporting is effective and follow up of actionables, if any, be adhered to within agreed timelines.

The Company shall carry out ‘Money Laundering and Terrorist Financing Risk Assessment’ exercise at least annually to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions or delivery channels, etc.

The Company shall formulate and design a risk assessment process taking into consideration:

The Company shall apply a risk-based approach for mitigation and management of the risks (identified on their own or through national risk assessment) during such assessment and prescribe appropriate controls and procedures in this regard and monitor the implementation of such controls and enhance them, if necessary.

The Company shall properly document its risk assessment and it shall be proportionate to the nature, size, geographical presence, complexity of activities/ structure, etc. of the Company. The outcome of such assessment shall be approved by the Board or any committee of the Board to which power in this regard has been delegated. The outcome shall also be made available to competent authorities and self-regulating bodies.

The Company shall apply a Risk Based Approach (RBA) for mitigation and management of the risks (identified on its own or through national risk assessment) and shall have Board-approved policies, controls and procedures in this regard. The Company shall implement a CDD programme, having regard to the ML/ TF risks identified and the size of business. Further, the Company shall monitor the implementation of the controls and enhance them if necessary.

The Company shall maintain the confidentiality of customer information which arises out of the contractual relationship between the Company and the customer. While preparing customer profiles, the Company should take care to seek only such information from the customer which is not intrusive and maintain secrecy of such information. While considering the requests for data/ information from the Government and other agencies, the Company shall satisfy itself that the information being sought is not of such a nature as will violate the provisions of the laws relating to secrecy in the transactions.

The Company shall maintain the confidentiality of customer information:

The exceptions to this provision are:

The Company shall maintain all necessary records of transactions including the documents/ proofs of identity and address of the customer and analysis of records in the following manner:

The Principal Officer of the Company has been entrusted with the responsibility of collating and reporting transactions prescribed under the PMLA and the Rules.

Principal Officer must submit Suspicious Transaction Report (STR) with Financial Intelligence Unit-India (FIU-IND) in the circumstances when the Company believes that it would no longer be satisfied that it knows the true identity of the customer and/ or where appropriate CDD measures not applied.

The information to Director, FIU-IND shall be reported in the prescribed formats and within the statutory time period in respect of the specified transactions in the following manner:

However, it should be ensured that there is no tipping off to the customer at any level in respect of STR.

Certain information is sought by FIU or police authorities by way of notice or alerts. The relevant information from Company database including customer detail, customer transaction detail, etc. shall be reported to the concerned authorities within prescribed time period and format, if any.

The Company shall apply for and obtain registration with CKYCR for sharing the requisite customer’s data available with the Company with CERSAI in terms of the provisions of the Rules.

The Company shall capture customer’s KYC records and upload onto CKYCR within 10 days of commencement of an account-based relationship with the customer. The Company shall follow operational guidelines for uploading the KYC data as issued and amended by CERSAI time to time.

Once KYC Identifier is generated by CKYCR, the Company shall ensure that the same is communicated to the individual/ LE as the case may be.

Whenever the Company obtains additional or updated information from any customer, the Company shall within seven days or within such period as may be notified by the Central Government, furnish the updated information to CKYCR, which shall update the KYC records of the existing customer in CKYCR.

CKYCR shall thereafter inform electronically all the reporting entities who have dealt with the concerned customer regarding updation of KYC record of the said customer. Once CKYCR informs the Company regarding an update in the KYC record of an existing customer, the Company shall retrieve the updated KYC records from CKYCR and update the KYC record maintained by the Company.

In case, the Company has customers who are non-profit organisations, the Company shall register details of such customers on the DARPAN Portal of NITI Aayog.

Company needs to ensure timely or periodic, as the case may be, submission of other ad-hoc reports, if any, to the RBI, as may be sought from time to time.

The Company should have in place an adequate screening mechanism as an integral part of their personnel recruitment/ hiring process. The Company must have an ongoing employee training programme so that the employees are adequately trained in KYC/ AML/ CFT policy and procedures. Training requirements should have different focuses for frontline staff, compliance staff and staff dealing with new customers.

Further, the employees must be trained to:

The Company employees including front-line staff, service provider agents and distributors, as applicable, should be trained on money laundering aspects, including without limitation:

The training of employees and agents, both induction as well as refresher trainings, should be conducted on an ongoing basis, and may be customised based on the roles of the employees and level of customer interaction.

Special Training, wherever required, in case of persons directly connected with the core operations such as KYC verification, credit and risk teams etc., may be imparted to make them understand the reporting processes and kind of data required for reporting purposes.

The Company shall follow the below exit procedure as per the customer category specified below: