KYC & AML Policy | Upkar Finance

Know Your Customer (KYC) & Anti-Money Laundering (AML) Policy

PREAMBLE:
In terms of the guidelines issued by the Reserve Bank of India (RBI) on ‘Know Your Customer’ (KYC) norms and Anti Money Laundering (AML) Measures for Non-Banking Financial Companies (NBFCs) and master directions issued by it from time to time, the Board of Directors of Upkar Leasing & Finance Private Limited (hereinafter referred to as “the Company”) has adopted and approved Policy on the “Know Your Customer [KYC] & Anti Money Laundering [AML]” to set a standard for prevention of money laundering activities and to follow certain customer identification procedure for opening of account while dealing with the customers. This policy is applicable across all branches of the Company and be read in coordination with guidelines/instruction issued in this regard from
time to time. The Company is always committed for transparent and fair dealing with customers and other stakeholders ensuring adherence to applicable laws.

KYC and PMLA Policy:
(I) Objectives:
To have a clearly laid out:
(1) Customer acceptance policy;
(2) Risk Management policy;
(3) Customer Identification process; and
(4) Monitoring of transaction. With a view to:-

put in place an effective system and procedure for Customer identification and verifying its / his / her identity and residential address and conduct Customer due diligence (CDD) based on the risk factor associated with each Customer;
have in place a system of assessing and monitoring the risk factors associated with each Customer;
put in place a system of checks and balances to ensure formulation and effective implementation of procedures to help control and mitigate the risk of occurrence of financial frauds, swiftly identify probable transactions of money laundering and related suspicious activities and safeguarding Company from being unwittingly used as a conduit for transfer or deposit of funds derived from criminal activity or for financing of terrorism, irrespective of whether such money can be traced to a specific act of terrorism or not;
monitor transactions of a suspicious nature and report the same to the Financial Intelligence Unit- India (FIU- IND); verification and maintenance of records of transactions of Customers in accordance with PMLA and the Rules made thereunder;

(II) Definition of Customer: For the purpose of this Policy,
(1) “Customer” means a person or entity who:

proposes to enter in to a loan, lease finance or hire purchase finance transaction in any of its forms (hereinafter for brevity’s sake referred to as ‘financial transaction’), with the Company;
is a beneficial owner of the financial transaction to be entered in to with the Company by any other person or entity;
is a beneficiary of a financial transaction to be entered in to with the Company by any intermediary; or
is neither of the above but is related with such financial transaction and has capability or power, under such financial transaction, to pose a significant risk,
reputational or otherwise, to the Company.

(2) ‘Beneficial Owner (BO)’ in relation to a Customer is a person or an entity who is to be considered a beneficiary of the financial transaction entered in to with the Company by the Customer. A list of persons who are to be considered as such BOs in relation to a Customer is given below:

(a) Controlling ownership interest –ownership of/entitlement to more than 25 percent of the shares or capital or profits of the Company;
(b) Control shall include right to appoint majority of the Directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or
Note: Where no natural person is identified as per the above table, the beneficial owner is the relevant natural person who holds the position of senior managing official.

(3) “Debarred Customers” includes the customers whose names matches in RBI
Defaulters’List, United Nations Security Council (UNSC), Financial Action Task Force (FATF), Office of Foreign Assets Control (OFAC), negative media searches and Politically Exposed Persons (PEPs).

Other terms not specifically defined here shall have the same meaning as assigned to them under the KYC Directions, 2016 or Prevention of Money Laundering Act, as amended from time to time.

(III) Customer Acceptance Policy, Risk Management, Customer Identification Procedure (CIP), Monitoring of Transactions:
(1) Customer Acceptance policy (CAP) :
The Customer Acceptance Policy will ensure the following aspects of customer relationship
i. No account is opened in anonymous or fictitious/benami name(s);
ii. Risk in terms of the location of customer and his clients and mode of payments are duly checked;
iii. Volume of turnover, social and financial status, etc. will form the basis for categorization of customers into low, medium and high risk. Customers requiring very high level of monitoring,
e.g. Politically Exposed Persons (PEP), Non Face-to-Face Persons will be given due consideration according to the regulatory requirements.
iv. Documentation requirements and other information will be collected in respect of different categories of customers depending on perceived risk and guidelines issued from time to time; Declaration will be taken from the customer that the proceedings/transactions are not in violation of the PML Act, 2002 and RBI regulations in this regard.
v. Not to open an account or close an existing account where the Company is unable to apply appropriate customer due diligence measures, i.e. the Company is unable to verify the identity and / or obtain documents required as per the risk categorization due to non co- operation of the customer or non-reliability of the data/information furnished to the Company.
vi. Permanent Address proof from new applicants will be collected. The documents which can be accepted as proof of address are mentioned in Annexure I. Aadhar letter issued by Unique Identification Authority of India also be accepted as the document for address proof. If the address provided by the customer is same on the document submitted for identity proof, the document be accepted as proof of both identity and address.
vii. In the following circumstances, the account may be operated by a mandate holder
or the account may be opened by an intermediary in a fiduciary capacity hence the customer is permitted to act on behalf of another person/entity, in conformity with the established law and practices:
a) if applicant is NRI/PIO
b) if applicant is a limited company.
c) if applicant is a partnership firm
d) any other circumstance where it is not possible for the applicant to be present at the branch location physically available.
viii. Necessary checks before any loan disbursement will be carried out through Field Investigation agency so as to ensure that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations, etc.
ix. The Company will prepare a profile for each new customer during the credit appraisal based on risk categorization as mentioned in this policy and as per credit risk policy and operations manual. The customer profile will contain information relating to the customer's identity, social/financial status, nature of business activity, information about his clients' business and their location, etc. The nature and extent of due diligence will depend on the risk perceived by the Company. At the time of credit appraisal of the applicant the details are recorded along with his profile based on meeting with the applicant apart from collection of applicable documents; this will be as per our credit and product norms which are incorporated in the operation manual and are in practice. However, while preparing customer profile, the Company will seek only such information from the customer which is relevant to the risk category and is not intrusive.
x. The customer profile will be a confidential document and details contained therein shall not be divulged for cross selling or for any other purposes against monetary consideration. The Company will continue to share its client data with CIBIL and empanelled FI agencies and such other organizations/entities subject to confidentiality clause, since the purpose of sharing this information is to ensure risk minimization.
xi. As per KYC policy, for acceptance and identification, customers are categorized broadly into low risk, medium risk, and high risk categories:

I. Low Risk Customers:
Low risk customers for the purpose of this policy will be individuals and entities whose identities and sources of wealth can be easily identified, have structured income and transactions in whose accounts by and large conform to the known profile. In such
cases, the policy will require that only the basic requirements of verifying the identity and location of the customer are to be met.
Illustrative examples of low risk customers could be:
• Salaried applicants whose salary structures are well defined;
• People belonging to government departments,
• People working with govt. owned companies, regulators and statutory bodies etc;
• People belonging to lower economic strata of the society whose accounts show small balances and low turnover;
• People working with Public Sector Units;
• People working with reputed Public Limited companies & Multinational Companies.

II. Medium Risk customers would include:
• Salaried applicants with variable income/unstructured income;
• Salaried applicants working with Private limited companies;
• Self Employed professionals other than HNIs ;
• Self Employed customers with sound business and profitable track record for a reasonable period;
• High Net worth Individuals with occupational track record of more than 3 years.

III. High Risk Customers
High risk customers that are likely to pose a higher than average risk to us will be categorized high risk customers depending on customer's background, nature and location of activity, country of origin, sources of funds and his client profile, etc. The Company will examine the case in details based on the risk assessment as per the credit risk policy and guidelines of SOP. This category of customers will not be actively sourced by the Company. Any customer, identified as High Risk, and funded by the company basis exceptional comfort and availability of justifying mitigants. The extent and nature of due diligence will be the highest for this category. Examples of high risk customers
requiring higher due diligence includes:
• Non-resident customers,
• High net worth individuals, without an occupational track record of more than 3 years;
• Trusts, charities, NGOs and organizations receiving donations
• Companies having close family shareholding or beneficial ownership;
• Firms with 'sleeping partners';
• Politically exposed persons (PEPs) of foreign origin;
• Non-face to face customers;
• Those with dubious reputation as per available public information, etc

Customer Acceptance Policy shall not result in denial of banking/financial facility to members of the general public, especially those, who are financially or socially disadvantaged.

(2) Risk Management:
(a) Risk categorization of Customers shall be undertaken on the basis of various factors, such as nature of employment, business activity of the Customer, location of Customer and his/its clients, mode of payments, volume of turnover, social / financial status and credit history. The Company may at its discretion identify additional factors that it may wish to utilize for Customer acceptance based on risk profile determined by the Company.
(b) The Company may categorize its Customers into ‘High Risk / Medium Risk
/Low Risk’ as stated above and review it from time to time. The Company may devise procedures for creating risk profiles of its existing and new Customers and apply various Anti- Money Laundering measures keeping in view the risks involved in a financial transaction or a business relationship.

(3) Customer Identification Procedure:
The Customer identification means identifying the customer and verifying his/her identity by using reliable, independent source documents, data or information. Sufficient information needs to be obtained to the satisfaction, which is necessary to establish, the identity of each new customer, whether regular or occasional, and the purpose of the intended nature of relationship. Customer Identification Procedure is carried out at different stages.
a) at the time of commencement of an account–based relationship, identify its clients, verify their identity and obtain information on the purpose and intended nature of the business relationship; and
b) while carrying out transaction of an amount equal to or exceeding rupees fifty thousand, whether conducted as a single transaction or several transactions that appear to be connected.
c) When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.
d) When a Company has reason to believe that a customer is intentionally structuring a transaction into a series of transactions below the threshold of rupees fifty thousand.

For the purpose of verifying the identity of customers at the time of commencement of an account-based relationship, the Company, shall at its option, rely on customer due diligence done by a third party, subject to the following conditions:

a) Necessary information of such customers’ due diligence carried out by the third party is immediately obtained by the Company.
b) Adequate steps are taken by the Company to satisfy itself that copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay.
c) The third party is regulated, supervised or monitored for, and has measures in place for, compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
d) The third party shall not be based in a country or jurisdiction assessed as high risk.
e) The ultimate responsibility for customer due diligence and undertaking enhanced due diligence measures, as applicable, will be with the Company.

The e-KYC service of Unique Identification Authority of India (UIDAI) shall be accepted as a valid process for KYC verification as per the provisions mentioned in the Master Direction - Know Your Customer (KYC) Direction, 2016 issued by RBI.

The Company need to obtain sufficient information necessary to establish, to their satisfaction, the identity of each new customer, whether regular or occasional and the purpose of the intended nature of relationship. Rule 9 of the PML Rules provides for the documents/information to be obtained for identifying various types of customers i.e. individuals, companies, partnership firms, trusts, unincorporated association or a body of individuals and juridical persons. An indicative list of the nature and type of documents/information that will be relied upon for customer identification is given in the Annexure-I.

The Company has formulated and implemented a Client Identification Programme to determine the true identity of its clients keeping the above in view.

The Company performs Periodical Client Due Diligence in regard to customer identification data including photograph(s) after the account is opened. The
Periodicity of such updation (obtaining Full KYC) will not be less than once in ten years in case of low risk category customers, not less than once in eight years in case of medium risk categories and not less than once in two years in case of high risk categories. Such KYC exercise will include all measures for confirming the identity and address and other particulars of the customer based on the risk profile of the customer.
The Company need not seek fresh proofs of identity and address at the time of periodic updation from those customers who are categorised as ‘low risk’, in case of no change in status with respect to their identities and addresses. A self-certification by the customer to that effect will be sufficient in such cases. In case of change of address of such ‘low risk’ customers, they can merely forward a certified copy of the document (proof of address) by mail/post, etc. and the Company may not insist on physical presence of such low risk customer at the time of periodic updation.

Simplified procedure for opening accounts by Non-Banking Finance Companies (NBFCs):
In case a person who desires to open an account is not able to produce KYC documents, the Company may at its discretion open accounts by following the simplified procedure, as may be directed by RBI from time to time.
If an existing KYC-compliant Customer of the Company desires to open another account with the Company, there shall be no need for a fresh CDD exercise.

Identification of Beneficial Owner:
For opening an account of a Legal Person who is not a natural person, the beneficial owner(s) shall be identified and all reasonable steps to verify his/her identity shall be undertaken keeping in view the following:
(a) Where the Customer or the owner of the controlling interest is a Company listed on a stock exchange, or is a subsidiary of such a Company, it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such companies.
(b) In cases of trust/nominee or fiduciary accounts, whether the Customer is acting on behalf of another person as trustee/nominee or any other intermediary is to be determined. In such cases, satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also details of the nature of the trust or other arrangements in place shall be obtained.
(c) In cases of societies accounts, whether the Customer is acting on behalf of another person as member of the society or any other intermediary is to be determined. In such cases, satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also details of the nature of the society or other arrangements in place shall be obtained.

(4) Monitoring of Transactions:
(a) The Company normally does not and would not have large cash transactions. However, if and when cash transactions of Rs.10 lakhs and above are undertaken, the Company will keep proper record of all such cash transactions in a separate register maintained at its office.
(b) The Company shall monitor transactions of a suspicious nature on an ongoing basis for the purpose of reporting it to the appropriate authorities. The extent of monitoring by the Company will depend on the risk sensitivity of the account and special attention will be given to all complex unusually large transactions, which have no apparent economic or lawful purpose.
(c) The Company shall promptly report cash transactions or transactions of a suspicious nature to the appropriate regulatory and investigating authorities, as per the provisions of the PMLA and the Rules.
(d) The Company shall exercise caution with respect to the transactions with persons (including legal persons and other financial institutions) from the countries which have been identified by Financial Action Task Force (FATF) as high risk and non-cooperative jurisdictions with respect to compliance with the FATF Recommendations, 2012.

(5) On-going Due Diligence:
The Company shall undertake on-going due diligence of Customers to ensure that transactions are consistent with its knowledge about the Customers, Customers’ business and risk profile; and the source of funds. The extent of monitoring shall be aligned with the risk category of the Customer.

(6) Periodic Updation:
Periodic updation shall be carried out at least once every one year, for high risk Customers, once every two years, for medium risk Customers and once every three years, for low risk Customers.

(7) Enhanced Due Diligence:
Accounts of Politically Exposed Persons (PEPs):
Generally, the Company would not open accounts of PEP. Decision to deal with such persons as a Customer shall be taken up at a senior management level and shall be subjected to enhance monitoring.

(8) Client accounts opened by professional intermediaries:
Owing to the fact that accounts may be (i) opened by professional intermediaries on behalf of entities like mutual funds, pension funds or other types of funds or (ii) managed by lawyers/chartered accountants or stockbrokers for funds held 'on deposit' or 'in escrow' for a range of clients, The Company shall ensure identification of all beneficial owners in respect of such accounts. Further, The Company shall also ensure that the CDD conducted by the intermediaries is in line with KYC requirements mandated by RBI.

The Company shall ensure that no professional intermediary, who cannot reveal the identity of a Customer, should be allowed to open such an account with it.

(9) Simplified KYC norms for Foreign Portfolio Investors (FPIs):
Accounts of FPIs which are eligible/ registered as per SEBI guidelines, for the purpose of investment under Portfolio Investment Scheme (PIS), shall be opened by accepting KYC documents as prescribed by RBI, subject to Income Tax [Foreign Account Tax Compliance Act (FATCA)/ Common Reporting Standards (CRS)] Rules.

(10) Information obtained from Customers:
All the information collected from the Customers by the Company shall be kept confidential and all such information shall be treated as per the agreement/terms and conditions signed by the Customers. Additionally, the information sought from each Customer should be relevant to the risk perceived in respect of that particular Customer, should not be intrusive and should be in line with the guidelines issued by the RBI in that behalf.

(11) Record Management:
Maintenance of Records of Transactions (As per Rule 3 of the Prevention of Money Laundering Rules 2005):

The Company will maintain proper record of the under mentioned transactions:
(i) All cash transactions of the value of more than rupees one million or its equivalent in foreign currency, though by policy The Company do not accept cash deposits in foreign currency.
(ii) All series of cash transactions integrally connected to each other which have been valued below rupees one million or its equivalent in foreign currency where such series of transactions have taken place within a month.
(iii) All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security has taken place; any such transactions
(iv) All suspicious transactions as mentioned in Annexure II Information to be preserved: The Company will maintain the following information in respect of transactions referred to in the preceding point on “Maintenance of records of transactions”
(a) The nature of the transactions
(b) The amount of transactions and currency in which it was denominated
(c) The date on which the transaction was conducted and
(d) Parties to the transactions
The Company sanctions and disburses files on the system: Since the company has a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required. However the Company will maintain account information for at least five years from the date of cessation of transaction between the company and the client, all necessary records of transactions which will make available individual transactions so as to provide, if necessary, evidence for prosecution of persons involved in criminal activity.
The Company will ensure that records pertaining to the identification of the customer and his address (e.g. copies of documents like passports, identity cards, driving licenses, Permits, PAN, utility bills, aadhar etc.) obtained while opening the account and during the course of business relationship, are properly preserved for at least five years after the business relationship is ended. Apart from this, the application form, copy of loan agreement, NOC, other document either photocopy or cancelled original copy will be kept for next five years after the full closure of the account. However, preservation and maintenance of the documents will be in paper form and a soft copy. The identification of records and transaction data will be made available to the competent authorities upon request only through the principal officer under this policy with his approval.

(12) Customer Education:
The Company will educate the customer on the objectives of the KYC program so that customer understands and appreciates the motive and purpose of collecting such information.

(13) Introduction of New Technologies:
The Company will pay special attention to any money laundering threats that may arise from new or developing technologies including on-line transactions that may favour anonymity, and take measures, if needed, to prevent their use in money laundering schemes as and when online transactions are started /accepted by the Company.

(14) Reporting to Financial Intelligence Unit – India
The Company will report information of transaction referred to in clause (a) of subsection (1) of section 12 of PMLA read with Rule 3 of the PML Rules relating to cash and suspicious transactions, etc., Director, Financial Intelligence Unit-India (FIU-IND) as advised in terms of the PMLA rules, in the prescribed formats as designed and circulated by RBI.

(15) CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR):
Company shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as required by the revised KYC templates prepared for ‘individuals’ and ‘Legal Entities’ as the case may be.
Government of India has authorized the Central Registry of Securitization Asset Reconstruction and
Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide Gazette Notification No. S.O. 3183(E) dated November 26, 2015.

These Guidelines are issued under the Directions/Regulations issued by Reserve Bank of India and any contravention of or non-compliance with the same will attract penal consequences under the said Directions/Regulations. Further, any change in the regulations issued by Reserve Bank of India through notifications/clarifications/directions shall be automatically construed in this policy.

ANNEXURE I
CUSTOMER IDENTIFICATION PROCEDURE

List of KYC Documents required for opening of Accounts

NOTES:
1. A copy of the marriage certificate issued by the State Government or Gazette notification indicating change in name together with a certified copy of the ‘officially valid document’ in the existing name of the person shall be obtained for proof of address and identity, while establishing an account based relationship or while undertaking periodic updation exercise in cases of persons who change their names on account of marriage or otherwise.
2. In case the person who proposes to open an account does not have an OVD as ‘proof of address’, such person shall provide OVD of the relative as provided at sub-section 77 of Section 2 of the Companies Act, 2013, read with Rule 4 of Companies (Specification of definitions details) Rules, 2014, with whom the person is staying, as the ‘proof of address’.
Explanation: A declaration from the relative that the said person is a relative and is staying with him/her shall be obtained.

ANNEXURE II
ILLUSTRATIVE LIST OF SUSPICIOUS TRANSACTIONS PERTAINING TO LOAN
a) Customer is reluctant to provide information, data, documents;
b) Submission of false documents, data, purpose of loan, details of accounts;
c) Refuses to furnish details of source of funds by which initial contribution is made, sources of funds
is doubtful etc;
d) Reluctant to meet in person, represents through a third party/Power of Attorney holder without sufficient reasons;
e) Approaches a branch/office of a the Company, which is away from the customer’s residential or business address provided in the loan application, when there is company branch/office nearer to the given address;
f) Unable to explain or satisfy the numerous transfers in the statement of account/ multiple accounts;
g) Initial contribution made through unrelated third party accounts without proper justification;
h) Availing a top-up loan and/or equity loan, without proper justification of the end use of the loan amount;
i) Suggesting dubious means for the sanction of loan;
j) Where transactions do not make economic sense;
k) There are reasonable doubts over the real beneficiary of the loan.
l) Encashment of loan amount by opening a fictitious bank account;
m) Applying for a loan knowing fully well that the property/dwelling unit to be financed has been funded earlier and that the same is outstanding;
n) Sale consideration stated in the agreement for sale is abnormally higher/lower than what is prevailing in the area of purchase;
o) Multiple funding of the same property/dwelling unit;
p) Request for payment made in favour of a third party who has no relation to the transaction;
q) Usage of loan amount by the customer in connivance with the vendor/builder/developer/broker/ agent etc. and using the same for a purpose other than what has been stipulated.
r) Frequent requests for change of address;
s) Overpayment of installments with a request to refund the overpaid amount.