KYC and AML Policy



“Know Your Customer” (KYC) is a set of guidelines aimed at preventing banks, financial institutions and other institutions like non-banking finance companies from being used intentionally or unintentionally by criminal elements for committing financial frauds, transferring or deposits of funds derived from criminal activity or for financing terrorism. KYC procedures also enable non-banking finance companies to know/understand their customers and their financial dealings better, which in turn help them manage their risks prudently. This policy document is a consolidation of various guidelines issued by Reserve Bank of India as also for our company for proper identification of an account holder/customer.

Vaibhav Vyapaar Private Limited (hereinafter referred to as “VVPL”) has adopted Your Customer (KYC) Directions, 2016 pursuant to Master Direction- DBR.AML.BC. No.81/14.01.001/2015-16 (here in after referred to as the KYC directions) in terms of the provisions of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, as amended from time to time by the Reserve Bank of India.

The Know Your Customer Directions has been approved by the Board of Directors and the same shall be available on the website of the company. The policy will be updated as and when required.

  1. To lay down explicit criteria for acceptance of customers.
  2. To establish procedures to verify the bona-fide identification of individuals before becoming an account holder/customer.
  3. To enable the company to know/understand the customers and their financial dealings better, this in turn would help the company to manage its risk prudently.
  4. To comply with applicable laws and regulatory guidelines.
  5. To take necessary steps to ensure that its staff/employees are adequately trained in KYC/AML procedures.

The company is primarily engaged in the business of advancing credit to its customers who are individuals.

His policy includes the following four key elements:

  1. Customer Acceptance Policy.
  2. Risk Management.
  3. Customer Identification Procedure (CIP).
  4. Monitoring of Transactions.
Designated Director:
  1. Name of the designated director – Gowrinath Venkata Raghava Itha.
  2. Contact details – 9986611345
  3. CDate of nomination as designated director by the board – 24.10.2019
  4. Date of intimation to the FIU-IND – 12.12.2019
  5. The designated director is not the principal officer of the company.
  6. The designated director is the responsible person for the overall compliance with the obligations imposed under Chapter IV of the PML Act and the rules made there under.
Principal Officer:
  1. Name of the principal officer – Satya Mallidi.
  2. Contact details – 6366828598
  3. Date of nomination as principal officer by the board – 24.10.2019
  4. Date of intimation to the FIU-IND –
  5. The principal officer is not the designated director of the company.
  6. The principal officer is the responsible person for ensuring compliance, monitoring transactions and sharing and reporting information as required under the laws/regulations.
Senior Management:
  1. Names of the senior management – Gowrinath Venkata Raghava Itha.
  2. Contact details – 9986611345
  3. Date of nomination as senior management by the board – 24.10.2019
  4. The senior management shall allocate responsibility among them for effective implementation of this policy. Independent evaluation and internal audit system shall be established to verify compliance with KYC/AML policy and procedures.
  5. Quarterly reports will be submitted to the Audit Committee regarding the compliance.

The company has not outsourced the decision-making functions for determining compliance with this policy.

Customer Acceptance Policy:

VVPL’s Customer Acceptance Policy (CAP) lays down the criteria for acceptance of customers. The guidelines in respect of the customer relationship with VVPL broadly are detailed below:

  1. No account is to opened in anonymous or fictitious/benami name(s)/entity(ies).
  2. Accept customers only after verifying their identity, as per CDD Procedures defined aforesaid and shall be followed for all the joint account holders (including guarantors) as well, while opening a joint account.
  3. Date of nomination as senior management by the board – 24.10.2019
  4. No account is to be opened where appropriate CDD measures could not be applied, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer.
  5. The mandatory information required for KYC purpose while opening an account and during the periodic updation, is specified.
  6. Any additional information will be obtained with the explicit consent of the customer.
  7. The company shall apply the CDD procedure at the Unique Customer Identification Code (UCIC) level. Thus, if an existing KYC compliant customer of the company desires to open another account with company, there shall be no need for a fresh CDD exercise.
  8. Circumstances, in which a customer is permitted to act on behalf of another person/ entity shall be clearly spelt out in conformity with the established law and practice and shall be strictly followed so as to avoid occasions when an account is operated by a mandate holder.
  9. Suitable system is put in place to ensure that the identity of the Customer does not match with any person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India.

Adoption of customer acceptance policy and its implementation shall not become too restrictive and the company will strive not to inconvenience the general public, especially those who are financially or socially disadvantage.

Risk Management:

For Risk Management, the Company will have a risk-based approach which includes the following:

  1. Customers shall be categorized as low, medium and high risk categories, based on the assessment and risk perception of the Company.
  2. Risk categorization shall be undertaken based on parameters such as customer’s identity, social/financial status, nature of business activity, and information about the client's business and their location, etc. While considering a customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in.
  3. Customers will be monitored on a regular basis with built-in mechanism for tracking irregular behavior for risk management and suitable timely corrective action.
Customer Identification Procedure (“CIP”) and Customer Due Diligence (CDD):

Identification is an act of establishing who a person is. In the context of KYC it means establishing who a person purports to be and will involve identifying the customer and verifying his/her identities by using reliable and independent source documents, data or information. For this purpose, the Company will obtain sufficient information necessary to establish to its satisfaction the identity of each new customer, whether regular or occasional, and the purpose of the intended nature of the relationship. Being satisfied means that the Company must be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the customer in compliance with the extant guidelines in place. Such risk-based approach is considered necessary to avoid disproportionate cost to Company and a burdensome regime for the customers.

The Company shall undertake identification of customers in the following cases:

  • Commencement of an account based relationship with the customer
  • When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.
  • Selling their own products, selling third party products as agents and any other product for more than Rs.50,000/-.
  • Carrying out transactions for a non-account based customer (walk-in customer); where the amount involved is equal to or exceeds rupees fifty thousand.
  • When the company has reason to believe that a customer (account- based or walk-in) is intentionally structuring a transaction into a series of transactions below the threshold of rupees fifty thousand.
  • No introduction is to be sought while opening accounts.
  • For the purpose of verifying the identity of customers at the time of commencement of an account-based relationship, the Company, at its discretion may at its option, rely on customer due diligence done by a third party, subject to the following conditions.
  • Necessary information on such customers’ due diligence carried out by the third party or from the Central KYC Records Registry is obtained within two days by the Company.
  • Adequate steps are taken by the Company to ensure that copies of identification data and other relevant documentation relating to customer due diligence shall be made available from the third party upon request without delay.
  • The third party is regulated, supervised or monitored for, and has measures in place for, compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
  • The third party shall not be based in a country/ jurisdiction assessed as high risk.
  • The ultimate responsibility for customer due diligence and undertaking enhanced due diligence measures, as applicable, will be with VVPL.
  • The information collected from customers for the purpose of opening of account shall be treated as confidential, and details thereof shall not be divulged for cross-selling or other purpose, except with the express consent from the customer.
  • The Company will have monitoring procedures including systems to generate alerts in case of any non-compliance/violation, to ensure compliance with the above mentioned conditions.
  • The Company does not provide loans to non-individuals and hence this KYC Policy does not refer to documentation and KYC Procedures for Customers that are legal persons or entities. As and when the Loan would be accessible to non-individuals, applicable KYC Policy for the same would be included herein in terms of the RBI guidelines. An indicative list of the nature and type of documents/information that may be relied upon for Customer Due Diligence is given in Annexure I.
Annexure I: Customer Due Diligence Procedure and Documents that would be obtained from Customers, who are individuals.

The Company would obtain the information from an individual borrower, as prescribed by RBI from time to time. The documents may be uploaded by the borrower in pdf/jpg format.

  1. In respect of individuals, the Company would obtain.
  2. Aadhaar Number.
  3. Permanent Account Number.
  4. A selfie/photograph.
  5. Any other document as may be required by the Company.

Where an Aadhaar number has not been assigned to an individual, proof of application of enrolment for Aadhaar shall be obtained where in the enrollment is not older than 6 months.

  1. In case the identity information relating to Aadhaar or PAN does not have the current address, an OVD as defined in the RBI Master Direction and brought out in the Policy may be submitted.
  2. Utility bill which is not more than two months old of any service provider (electricity telephone, post-paid mobile phone, piped gas, water bill)
  3. Property or Municipal Tax receipt
  4. Pension or family pension payment order (PPOs) issued to retired employees of Government Departments or PSUs, if they contain the address
  5. Leave and License agreements.
  6. Letter of allotment of accommodation from employer issued by State Government. [OR]
  7. Central Government Departments, statutory or regulatory bodies, PSUs, Scheduled Commercial banks, Financial Institutions and Listed Companies and Leave and License agreements with such employees allotting official accommodation.
Accounts opened using OTP based e-KYC, in non-face-to-face mode, are subject to the following conditions:

The Company would obtain the information from an individual borrower, as prescribed by RBI from time to time. The documents may be uploaded by the borrower in pdf/jpg format.

  1. Specific consent from the customer for authentication through OTP should be received.
  2. The aggregate balance of all the deposit accounts of the customer shall not exceed rupees one lakhs. In case, the balance exceeds the threshold, the account shall cease to be operational, till CDD as mentioned at (v) below is complete.
  3. The aggregate of all credits in a financial year, in all the deposit accounts taken together, shall not exceed rupees two lakhs.
  4. As regards borrowal accounts, only term loans shall be sanctioned. The aggregate amount of term loans sanctioned shall not exceed rupees sixty thousand in a year.
  5. Accounts, both deposit and borrowal, opened using OTP based e-KYC shall not be allowed for more than one year within which identification as per Section 16 is to be carried out.
  6. If the CDD procedure as mentioned above is not completed within a year, in respect of deposit accounts, the same shall be closed immediately. In respect of borrowal accounts no further debits shall be allowed.
  7. A declaration shall be obtained from the customer to the effect that no other account has been opened nor will be opened using OTP based KYC in non-face-to-face mode with any other RE. Further, while uploading KYC information to CKYCR, the company shall clearly indicate that such accounts are opened using OTP based e-KYC and other REs shall not open accounts based on the KYC information of accounts opened with OTP based e-KYC procedure in non-face-to-face mode.
  8. Live location of the customer (Geotagging) shall be captured to ensure that customer is physically present in India.
  9. The official of the company shall ensure that the photograph of the customer in the Aadhaar/PAN details matches with the customer and identification details in Aadhaar/PAN shall match with the details provided by the customer.
  10. The official of the company shall ensure that the sequence and/or type of questions during video interactions are varied in order to establish that the interactions are real-time and not pre-recorded.
Monitoring of transactions:

Ongoing monitoring is an essential element of effective KYC procedures. Monitoring of transactions and its extent will be conducted taking into consideration the risk profile and risk sensitivity of the account. VVPL shall make endeavors to understand the normal and reasonable activity of the customer so that the transactions that fall outside the regular/pattern of activity can be identified, Special attention will be paid to all complex, unusually large transactions and all unusual patterns, which have no apparent economic or visible lawful purpose. VVPL may prescribe threshold limits for a particular category of accounts and pay particular attention to transactions which exceed these limits. Higher risk accounts shall be subjected to intense monitoring.

Training Programme:

VVPL shall have ongoing employee training programs so that the members of the staff are adequately trained in KYC/ AML/ CFT procedures. Training requirements shall have different focuses for front line staff, compliance staff and officer/ staff dealing with new customers so that all those concerned fully understand the rationale behind the KYC policies and implement them consistently.

Internal Control System:

The Company’s Internal Audit and Compliance function will evaluate and ensure adherence to the KYC policies and procedures. As a general rule, the compliance function will provide an independent evaluation of the VVPL’s own policies and procedures, including legal and regulatory requirements. The Management under the supervision of Board shall ensure that the audit function is staffed adequately with skilled individuals. Internal Auditors will specifically check and verify the application of KYC procedures at the branches and comment on the lapses observed in this regard. The audit findings and compliance thereof will be put before the Audit Committee of the Board at quarterly intervals till closure of audit findings.

Further, VVPL shall have an adequate screening mechanism in place as an integral part of their recruitment/ hiring process of personnel to ensure that person of criminal nature/ background do not get an access, to misuse the financial channel.

Record Keeping:

The following steps shall be taken regarding maintenance, preservation and reporting of customer account information, with reference to provisions of PML Act and Rules:

  1. Maintain all necessary records of transactions between the company and the customer, for at least five years from the date of transaction.
  2. Preserve the records pertaining to the identification of the customers and their addresses obtained while opening the account and during the course of business relationship, for at least five years after the business relationship is ended.
  3. Make available the identification records and transaction data to the competent authorities upon request.
  4. Introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005)

Maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following:

  • The nature of the transactions.
  • The amount of the transaction and the currency in which it was denominated.
  • The date on which the transaction was conducted; and the parties to the transaction.
  • Evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities
  • maintain records of the identity and address of their customer, and records in respect of transactions referred to in Rule 3 in hard or soft format.
Reporting to Financial Intelligence Unit-India:

In accordance with the requirements under PMLA, the Principal Officer of VVPL will furnish the following reports, as and when required, to the Director,
Financial Intelligence Unit-India (FIU-IND):

  1. a) Cash Transaction Report (CTR) – If any such transactions detected, Cash Transaction Report (CTR) for each month by 15th of the succeeding month.
  2. b) Counterfeit Currency Report (CCR) – All such cash transactions where forged or counterfeit Indian currency notes have been used as genuine as Counterfeit Currency Report (CCR) for each month by 15th of the succeeding month.
  3. c) Suspicious Transactions Reporting (STR) – The Company will endeavor to put in place automated systems for monitoring transactions to identify potentially suspicious activity. Such triggers will be investigated and any suspicious activity will be reported to FIU-IND.

VVPL will file the Suspicious Transaction Report (STR) to FIU-IND within seven (7) days of arriving at a conclusion that any transaction, whether cash or non-cash, or a series of transactions integrally connected are of suspicious nature. However, in accordance with the regulatory requirements, VVPL will not put any restriction on operations in the accounts where an STR has been filed. An indicative list of suspicious transactions is enclosed as Annexure II. The employees of VVPL shall maintain strict confidentiality of the fact of furnishing/ reporting details of suspicious transactions.

Annexure II:

Broad categories of reason for suspicion and examples of suspicious transactions for Non Banking Financial Companies are indicated as under:

1. Identity of client

  1. – False identification documents.
  2. – Identification documents which could not be verified within reasonable time.
  3. – Accounts opened with names very close to other established business entities.

2. Background of client

  1. – Suspicious background or links with known criminals.
Changes to KYC Policy:

Broad categories of reason for suspicion and examples of suspicious transactions for Non Banking Financial Companies are indicated as under:

In case of issue of any guidelines, circulars and regulations by RBI/FIU/PMLA amending the existing AML – KYC provisions applicable to VVPL, which warrants changes to this policy, the Principal Officer jointly with the Designated Director will be authorized to circulate the said amendments among the employees/ branches for its due implementation and shall form part and parcel of this policy. In this regard, the Principal Officer jointly with the Designated Director shall ensure that the updated policy aligned with the applicable regulations is placed before the Board of Directors on an annual basis for its perusal, review and ratification thereto. It is hereby clarified any changes in line with business (non – regulatory) requirements shall require prior approval of the Board before its implementation / circulation.