Anti-Money Laundering Policy (AML)

Introduction

This policy has been formed in the light of SEBI Circulars on Anti Money Laundering (AML) and Combating Financing of Terrorism (CFT) as amended – obligations of Intermediaries under the Prevention of Money Laundering Act, 2002 (‘Act’) and Rules framed thereunder after making necessary amendments in the existing Anti-Money Laundering Policy of the PayUGuru.

In pursuance of above said circular and the provisions of the Act, the policy of the PayUGuru is to prohibit and actively prevent money laundering and any activity that facilitates money laundering or terrorist financing.

Money Laundering (ML) is generally understood as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds or assets so that they appear to have been derived from legitimate origins or constitute legitimate assets.

1. Purpose:

The basic purpose of the AML Policy is to establish a system for PayUGuru to participate in the international efforts against money laundering and to duly comply with the guidelines of SEBI as amended and other legal provisions and to ensure that PayUGuru is not used as a intermediary for money laundering. PayUGuru is fully committed to comply globally with all applicable laws designed to combat money laundering and any activity which facilitates the funding of terrorist or criminal activities.

2. Scope:

This AML Policy establishes the standards of AML compliance and is applicable to all activities of PayUGuru. This Policy covers the existing clients of PayUGuru including the proposed or future clients.

3. Objectives of the Policy:
  1. To establish a framework for adopting appropriate AML Procedures and controls in the Business operations of PayUGuru.
  2. To put in place appropriate controls for the detection and reporting of suspicious activities in accordance with applicable laws/laid down procedures.
  3. To comply with applicable laws and regulatory guidelines.
  4. To have a proper Customer Due Diligence (CDD) process before registering clients.
  5. To take necessary steps to ensure that the content of these Guidelines are understood by all the concerned staff and they are adequately trained in AML procedures.
  6. Adopt customer acceptance policies and procedures which are sensitive to the risk of money laundering
  7. To assist law enforcement agencies in their effort to investigate and track money launderers.
4. Customer Due Diligence (CDD):

At the time of opening an account there at PayUGuru,

  • i. IN CASE OF INDIVIDUALS: Branches/Business Units shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorized signatory or the power of attorney holder related to any legal entity:
    • a) the Permanent Account Number or the equivalent e-document thereof or Form No. 60 as defined in Income-tax Rules, 1962,
    • b) Recent Photograph,
    • c) Aadhaar number and any other Officially Valid Document Passport, Driving License, Voter's Identity Card issued by the Election Commission of India, Job Card issued by any State or Central Government.
  • ii. IN CASE OF NON INDIVIDUALS: For opening accounts of non-individuals i.e., Proprietorship, Partnership, Trust, Companies, Unincorporated association of Individuals etc, identification information of individuals, who are Proprietor(s) / Partner(s) / Beneficial Owner(s) /Authorised Signatories shall be obtained, as detailed in 4 (i) above.
  • iii. Periodic updation shall be carried out at least once in every two years for high risk customers, once in every eight years for medium risk customers and once in every ten years for low-risk customers.
5 Principal Officer – Designation and Duties:

Principal Officer: “Principal Officer” means an officer nominated by the Bank, responsible for furnishing information as per Rule 8 of the PML rules. Principal Officer is responsible for ensuring compliance, monitoring transactions, and sharing and reporting information as required under the law / regulations. The name, designation and address of the Principal Officer are to be communicated to the Director, FIU-IND.

He will act as a central reference point in facilitating onward reporting of suspicious transactions and for playing an active role in the identification and assessment of potentially suspicious transactions. The duties of the Principal Officer will include monitoring the PayUGuru’s compliance with AML obligations and overseeing the maintenance of AML records, communication and training for employees. The Principal Officer will ensure the filing of necessary reports with the Financial Intelligence Unit.

Principal Officer is authorized to issue additional circulars and advisories, to and seek information from the concerned officials for due compliance of AML measures from time to time. The PayUGuru has provided the Financial Intelligence Unit with contact information of the Principal Officer and will promptly notify Financial Intelligence Unit of any change in this information.

Principal Officer shall ensure that this policy is communicated to all management and relevant staff including Directors, Head of the Department (s), customers and all concerned.

6. Nomination of Designated Director:

“Designated Director “means a person designated by the Board to ensure overall compliance with the obligations imposed under chapter IV of the PML Act and the Rules and includes the Managing Director or a whole-time Director duly authorized by Board of Directors. In no case, the Principal Officer shall be nominated as the Designated Director. The name, designation and address of the Designated Director are to be communicated to the Director, FIU-IND. In addition, it shall be the duty of every reporting entity, its Designated Director, officers and employees to observe the procedure and manner of furnishing and reporting information on transactions referred to in PML Rule.

7. Risk Assessment:

Categorization of Clients
Risk assessment to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk with respect to its clients, residential status, payment methods used by clients, etc. The risk assessment shall also take into account any country specific information that is circulated by the Government of India and SEBI from time to time, as well as, the updated list of individuals and entities who are subjected to sanction measures as required under the various United Nations' Security Council Resolutions (these can be accessed at

https://www.un.org/securitycouncil/sanctions/1267/aq_sanctions_list

https://www.mha.gov.in/sites/default/files/2024-01/Listofindividuals56_05012024.pdf

https://www.mha.gov.in/sites/default/files/2023-06/TERRORIST_ORGANIZATIONS_10032023.pdf

https://www.mha.gov.in/en/commoncontent/unlawful-associations-under-section-3-of-unlawful-activities-prevention-act-1967

Risk assessment will be based on categorization of clients based on High risk, Medium risk & Low risk. Following criteria is generally used for categorization of clients:

  • i. High risk clients: All special category clients are considered as High risk clients. Client’s depositing cash in account or using non-approved modes of payments shall be categorized as High Risk Clients. Clients which fall under PEP i.e. politically exposed person shall be marked as High risk clients. NRI Clients shall be marked as High risk clients considered their residential status is out of India and there is no way to eventually track mode of funds transmitted to India.
  • ii. Medium Risk: Business, Agriculture, Student, Professional and Others.
  • iii. All other clients are primarily categorized as Low risk clients.
8. Review of Risk:

Review of Risk constantly after the On Boarding: The ongoing risk review can trigger the client’s risk to be upgraded based on the following parameters or events.

  • i. Change of the client relationship from Indian to NRI. The risk would be upgraded to “High”
  • ii. If it is later realized that the client is a High Net Worth client. The risk would be upgraded to “High”.
  • iii. If in future it is known that a client is PEP then apart from seeking permission from the management to continue the relationship, the client should be immediately upgraded to High risk
  • iv. If it is later realized or the existing client is registered foreign exchange dealer the client will have to be upgraded to High risk.
  • v. If a client is residing in a country which has been recently declared by the FATF as a high risk jurisdiction or an existing client moves base into a high risk jurisdiction then naturally in both the cases client will be immediately upgraded to “High” risk.
  • vi. If a client registers the authorization or gives a power of attorney to operate his account to somebody else, in that case the account is to be upgraded to “High” risk
  • vii. If it is realized by the management that the existing client’s reputation is tainted because of a SEBI debarred or any such announcement then the client will be upgraded to “High”
  • viii. Any employee of the organization could alert the principal officer and request based on any news item or an event in the public domain which can lead the risk to be made High
  • ix. Customers that are likely to pose a higher than average risk to shall be categorized as high risk depending on customer's background, nature and location of activity, country of origin, sources of funds and his client profile etc. It shall apply Customer Due Diligence measures based on the risk assessment, thereby requiring intensive 'due diligence' for higher risk customers, especially those for whom the sources of funds are not clear.
9. Maintenance of e-Records of transactions:

PayUGuru will maintain the records (either in electronic or in paper form) of types of transactions mentioned under Rules 3 and 4 of PMLA Rules 2005 and the copies of the Cash / Suspicious Transactions reports submitted to FIU as well as those relating to the verification of identity of customers for a period of 5 years in order to enable PayUGuru to comply swiftly with information requests from the competent authorities. Such records shall be sufficient to permit reconstruction of individual transactions (including the amounts and types of currency involved (if any) so as to provide, if necessary, evidence for prosecution of criminal activity.

PayUGuru will retain the records of those contracts, which have been settled by maturity or claim, surrender or cancellation, for a period of at least 5 years after that settlement. Records pertaining to all other transactions, (for which the PayUGuru is obliged to maintain records under other applicable Legislations / Regulations / Rules) the PayUGuru will retain records as provided in the Anti Money Laundering Framework said Legislations / Regulations / Rules but not less than 5 years from the date of end of the business relationship with the customer. The Designated Director, Principal Compliance Officer and staff assisting in execution of AML guidelines should have timely access to customer identification data, other KYC & KYB information and records

10. Retention of Records:

The records of the identity of clients is maintained and preserved for a period of ten years from the date of cessation of transactions between the client and the PayUGuru. In situations where the records relate to on-going investigations or transactions which have been the subject of a suspicious transaction reporting, they should be retained until it is confirmed that case has been closed.

11. Monitoring Accounts for Suspicious Activity:

The following kinds of activities are to be treated as red flags and reported to the Principal Officer:

  • i. Clients whose identity verification seems difficult or clients appear not to cooperate
  • ii. Where the source of the funds is not clear or not in keeping with clients apparent standing /business activity;
  • iii. Clients in high risk jurisdictions or clients introduced by such clients or banks or affiliates based in high risk jurisdictions;
  • iv. Substantial increases in business without apparent cause;
  • v. Unusually large cash deposits made by an individual or business;
  • vi. Clients transferring large sums of money to or from overseas locations with instructions for payment in cash;
  • vii. Transfer of investment proceeds to apparently unrelated third parties;
  • viii. Unusual transactions by CSCs and businesses undertaken by shell corporations, offshore banks /financial services, businesses reported to be in the nature of export/import of small items.
12. Reporting to the Financial Intelligence Unit:

In terms to the PMLA rules, Principal Officer is required to report information relating to online transaction email id and suspicious transactions to the Director, Financial Intelligence Unit-India (FIU-IND) at the following address: Director, FIU-IND, Financial Intelligence Unit-India, 6th Floor, Hotel Samrat, Chanakyapuri, New Delhi – 110 021.

Website: https://fiuindia.gov.in/

Procedure for Suspicious Transactions Reporting: The staff at operating terminal shall be adequately trained with PMLA requirements and reporting suspicious transaction to Principal Officer.

Reasons for treating any transaction or a series of transactions as suspicious should be recorded. It should be ensured that there is no undue delay in arriving at such a conclusion.

Utmost confidentiality should be maintained in submitting the information.

The reports may be transmitted by email/speed/registered post/fax at the Head Office addressed to the Principal Officer.

No restriction may be put on operations in the accounts where a Suspicious Transaction Report has been made.

The Principal Officer will make a note of suspicion transaction that have not been explained to his satisfaction and thereafter report the same to the FIU IND within the required deadlines. Where a client aborts/abandons a suspicious transaction on being asked some information by the PayUGuru officials, the matter shall be reported to FIU in the STR irrespective of the amount by the Principal Officer.

The Principal Officer will not base the decision on whether to file a STR solely on whether the transaction falls above a set threshold. The Principal Officer will file a STR and notify law enforcement of all transactions that raise an identifiable suspicion of criminal or terrorist corrupt activities. The PayUGuru will not notify any person involved in the transaction that the transaction has been reported, except as permitted by the PML Act and Rules thereof. Utmost confidentiality shall be maintained in filing of CTR and STR to FIU-IND. The reports may be transmitted by speed/registered post/fax at the notified address. No online reporting needs to be made to FIU-IND in case there are no online/suspicious transactions to be reported.

PayUGuru and its directors, officers and employees (permanent and temporary) shall be prohibited from disclosing (“tipping off”) the fact that a STR or related information is being reported or provided to the FIU-IND. It should be ensured that there is no tipping off to the client at any level.

The PayUGuru will create and maintain STRs and CTRs and relevant documentation on customer identity and verification and will maintain STRs and their accompanying documentation for such period as prescribed from time to time.

13. Internal Audit:

Internal Audit shall ensure compliance with policies, procedures, and controls relating to prevention of money laundering and terrorist financing, including the testing of the system for detecting suspected money laundering transactions, evaluating and checking the adequacy of exception reports generated on large and/or irregular transactions, the quality of reporting of suspicious transactions and the level of awareness of front line staff of their responsibilities in this regard.

14. Monitoring Employee Conduct and Accounts:

PayUGuru subjects employee accounts to the same AML procedures as customer accounts, under the supervision of the Principal Officer. The Principal Officer’s account is reviewed by the Managing Director.

15. Confidential Reporting of AML Non-Compliance:

Employees report any violations of the PayUGuru’s AML compliance program to the Principal Officer, unless the violations implicate the Principal Officer, in which case the employee shall report to the Managing Director. Such reports are confidential, and the employee suffers no victimization for making them.