1. INTRODUCTION

SHIVAKARI FINANCE PRIVATE LIMITED (hereinafter referred to as “the Company” or “SFPL”) is a Non-Deposit taking Base layer Non- Banking Finance Company registered with the Reserve Bank of India (“RBI”) carry out the business of Non-banking financial company with the objective to cater the needs of individuals, MSMEs, Entrepreneurs Companies and other body corporate etc.

The master direction on Know Your Customer (KYC) issued by the Reserve Bank of India having notification no. DBR.AML.BC.No.81/14.01.001/2015-16 dated February 25, 2016 including amended dated May 10, 2021 and Anti- Money Laundering (AML) standards advised all Non-banking financial companies to put in place a proper policy on Know your customer and Anti-money laundering approved and adopted by the board of directors of the company.

In view of the master direction on Know Your Customer DBR.AML.BC.No.81/14.01.001/2015-16 dated February 25, 2016 with any amendment/re-enactment thereof issued by Reserve Bank of India from time to time and Prevention of Money Laundering Act, 2002 (“Act”) read with the Prevention of Money-laundering (Maintenance of Records) Rules, 2005 (“Rules”) with any further amendments/ re-enactments thereof issued from time to time, the Board of Directors of SHIVAKARI FINANCE PRIVATE LIMITED has adopted a policy on Know Your Customer (KYC)/Anti-Money Laundering (AML) norms.

2. PURPOSE

This Policy envisages the establishment and adoption of measures and procedures relating to KYC, AML, and CFT for the Company in accordance with the requirements prescribed by RBI and modified from time to time.

The KYC policy has been framed by the Company for the following purposes:

1. To prevent criminal elements from using companies for Money Laundering and Terrorist funding activities;

2. To put in place an effective system and procedure for Customer identification and verifying its / his / her identity, residential address, and other details.

3. To enable Company to know and understand its Customers and their financial dealings better which, in turn, would help the Company to manage risks prudently;

4. To put in place appropriate controls for detection and reporting of suspicious activities as envisaged under the Anti Money Laundering Act, 2002 and rules thereunder and in accordance with laid down procedures;

5. To comply with applicable laws and regulatory guidelines.

3. APPLICABILITY

 It may be noted that this policy as stated in this document shall prevail over anything else contained in any other document / process/circular/letter/instruction of the Company in this regard (KYC-AML). This policy shall be applicable to all verticals/products of the Company whether existing or to be rolled out in future.

3. KEY DEFINITIONS

1.  “Aadhaar number” shall have the meaning assigned to it in clause (a) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016)
2.  “Act” and “Rules” means the Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, respectively and amendments thereto.
3. “Authentication", in the context of Aadhaar authentication, means the process as defined under sub-section (c) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

4. “Board” means Board of Directors of the Company.
5.  “Central KYC Records Registry” (CKYCR) means an entity defined under Rule 2(1)(aa) of the Prevention of Money Laundering Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer;
6. “Certified Copy” means a comparative copy of the proof of possession of Aadhaar number where offline verification cannot be carried out or officially valid document so produced by the customer with the original and recording the same on the copy by the authorized officer of the company.
7. “Company” means SHIVAKARI FINANCE PRIVATE LIMITED.
8. “Customer” means a person who is engaged in a financial transaction or activity with a company and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting.
9. “Customer Due Diligence (CDD)” means identifying and verifying the customer and the beneficial owner
10.  “Designated Director" means Managing Director or a whole-time Director, or any director duly authorised by the Board of Directors of the Company to ensure overall compliance with the obligations imposed under chapter IV of the Prevention of Money Laundering Act and the Rules;

Explanation:

1. For the purpose of this clause, the terms "Managing Director" and "Whole-time Director" shall have the meaning assigned to them in the Companies Act, 2013.
2. “Directors” means individual Directors or Directors on the Board of the Company.

11. “Digital KYC” means the capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorised officer of the RE as per the provisions contained in the Act.
12. “Digital Signature” shall have the same meaning as assigned to it in clause (p) of subsection (1) of Section (2) of the Information Technology Act, 2000.
13. “Equivalent e-document” means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the customer as per rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016.
14. “Know Your Client (KYC) Identifier” means the unique number or code assigned to a customer by the Central KYC Records Registry.
15. “KYC Templates” means templates prepared to facilitate collating and reporting the KYC data to the CKYCR, for individuals and legal entities.
16. Non-face-to-face Customers” mean customers who open accounts without visiting the branch/offices of the Company or meeting the officials of the Company.
17. “Non-Profit Organisations” (NPO) means any entity or organization that is registered as a trust or a society under the Societies Registration Act, 1860 or any similar State legislation or a Company registered under Section 25 of the Companies Act, 1956 or applicable Section 8 of Companies Act, 2013.
18. “Officially Valid Document” (OVD) means Passport,  Driving license,  Proof of possession of Aadhaar Number, Voter's Identity Card issued by the Election Commission of India,  Job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address.

“Provided also that where the client submits his proof of possession of Aadhaar number as an officially valid document, he may submit it in such form as are issued by the Unique Identification Authority of India”.

Explanation:

For the purpose of this clause, a document shall be deemed to be an OVD even if there is a change in the name subsequent to its issuance provided it is supported by a marriage certificate issued by the State Government or Gazette notification, indicating such a change of name.

19. “Person” includes an individual, a Hindu undivided family, a Company, a firm, an association of persons, a body of individuals, whether incorporated or not, or every artificial juridical person, not falling within any one of the above persons any agency, office or branch owned or controlled by any of the above persons.
20. “Periodic Updation” means steps taken to ensure that documents, data, or information collected under the CDD process are kept up-to-date and relevant by undertaking reviews of existing records at the periodicity prescribed by the Reserve Bank or act or rules.
21. “Principal Officer” means an officer nominated by the Company, responsible for furnishing information as per Rule 8 of the Rules;
22. Politically Exposed Persons (“PEP”) Politically Exposed Persons are Persons who are or have been entrusted with prominent public functions in India or foreign country, e.g., Heads of States or of Governments, senior politicians (eg. MPs, MLAs, MLC, Municipal Counsellors, Panchayat President, Members), senior government/judicial/military officers, senior executives of state-owned corporations, all political party officials, Political Parties, etc.
23.  “Regulated Entities” (REs) means: all Scheduled Commercial Banks (SCBs)/ Regional Rural Banks(RRBs)/ Local Area Banks (LABs)/ All Primary (Urban) Co-operative Banks (UCBs)/State and Central Cooperative Banks (St CBs / CCBs) and any other entity which has been licensed under Section 22 of Banking Regulation Act, 1949, which as a group shall be referred as ‘banks’ All India Financial Institutions (AIFIs) All Non-Banking Finance Companies (NBFC)s, Miscellaneous Non-Banking Companies (MNBCs) and Residuary Non-Banking Companies (RNBCs).  All Payment System Providers (PSPs)/ System Participants (SPs) and Prepaid Payment Instrument Issuers (PPI Issuers) All authorized persons (APs) including those who are agents of Money Transfer Service Scheme (MTSS), regulated by the Regulator
24. “Suspicious Transaction” means a “transaction”, including an attempted transaction, whether or not made in cash, which, to a person acting in good faith:  gives rise to a reasonable ground of suspicion that it may involve proceeds of an offense specified in the Schedule to the Act, regardless of the value involved; or appears to be made in circumstances of unusual or unjustified complexity, or appears to not have an economic rationale or bonafide purpose, or gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.

Explanation: Transaction involving financing of the activities relating to terrorism includes transactions involving funds suspected to be linked or related to, or to be used for terrorism, terrorist acts or by a terrorist, terrorist organization or those who finance or are attempting to finance terrorism.

25.  “Transaction” means a purchase, sale, loan, pledge, gift, transfer, delivery or the arrangement thereof and includes:  

1. Opening of an account, or
2. Deposit, withdrawal, exchange, or transfer of funds in whatever currency, whether in cash or by cheque, payment order or other instruments or by electronic or other non-physical means;  or
3. The use of a safety deposit box or any other form of safe deposit;  or
4. Entering into any fiduciary relationship; or
5. any payment made or received, in whole or in part, for any contractual or other legal obligation; or
6. Establishing or creating a legal person or legal arrangement.

26. “Video-based Customer Identification Process (V-CIP)” means a method of customer identification by an official of the company by undertaking seamless, secure, real-time, consent based audio-visual interaction with the customer to obtain identification information including the documents required for CDD purpose, and to ascertain the veracity of the information furnished by the customer.

All other expressions unless defined herein shall have the same meaning as have been assigned to them under the applicable Master direction on NBFC or the Reserve Bank of India Act, or the Prevention of Money Laundering Act and Prevention of Money Laundering (Maintenance of Records) Rules, any statutory modification or re-enactment thereto or as used in commercial parlance, as the case may be.

4. KEY ELEMENTS

The Company has framed its KYC policy incorporating the following four key elements:

1. Customer Acceptance Policy;
2. Customer Identification Procedures;
3. Monitoring of Transactions; and
4. Risk Management

For the purpose of the KYC policy, a ‘Customer' is defined as per Clause 3 i.e., Definitions.

1. Customer Acceptance Policy (CAP)

“SFPL” lays down criteria for acceptance of customers. While taking the decision to grant any facilities to the customers as well as during the continuation of any facilities the following norms and procedures will be followed by the company.

The Customer Acceptance Policy will ensure that explicit guidelines are in place on the following aspects of customer relationship in the Company:

1. No account is opened and/ or loan amount disbursed  in anonymous or fictitious/benami name(s);
2. CDD procedure is applied at the unique customer identification number level. This way, if an existing KYC compliant customer wishes to avail another loan from the Company, there will be no need for a fresh CDD exercise.
3. No transaction or account-based relationship is undertaken without following the CDD procedure.
4. Parameters of risk perception are clearly defined in terms of the customer’s background,  nature and location of activity, country of origin, sources of funds, client profile, repayment history etc., to enable the categorization of customers into low, medium and high risk, e.g. Politically Exposed Persons may, if considered necessary, be categorized into high risk customer.
5. The Company will take care of the documentation requirements and other information to be collected in respect of different categories of customers depending on perceived risk and keeping in mind the requirements of PML Act, 2002 and guidelines issued by the Reserve Bank from time to time;
6. The mandatory information to be sought for KYC purposes while opening an account and during the periodic updation, is specified.
7. The Company will not open an account or close an existing account where it is unable to apply appropriate customer due diligence measures i.e. it is unable to verify the identity and /or obtain documents required as per the risk categorization due to non-cooperation of the customer or non reliability of the data/information furnished to the Company. It may, however, be necessary to have suitable built-in safeguards to avoid harassment of the customer. For example, the decision to close an account will be taken at a reasonably high level after giving due notice to the customer explaining the reasons for such a decision.
8. CDD Procedure is followed for all the joint account holders, co-applicants and guarantor(s) while disbursing a joint loan.
9. Circumstances in which a customer is permitted to act on behalf of another person/entity will be clearly spelt out in conformity with the established law and practices, as there could be occasions when an account is operated by a mandate holder or where an account may be opened by an intermediary in a fiduciary capacity, and
10. Necessary checks will be performed before opening a new account to ensure that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations, UN Security Council List of Prohibited clients. Further, the Company will ensure that the name of the proposed clients does not appear in the consolidated list of individual and entities circulated by the RBI for such purposes.
11. Where the Permanent Account Number (PAN) is obtained from the customer, the same will be verified from the verification facility of Income Tax Act.
12. Where an equivalent e-document is obtained from the customer, the company will verify the digital signature as per the provisions of the Information Technology Act, 2000.

In compliance of above requirements the employees and staffs of the company make sure that the while complying with the aforementioned requirement does not result in any type of harassment or inconvenience to bona fide and genuine customers who should not feel discouraged while dealing with the Company and the adherence of customer acceptance policy must not result in denial of the company’s services to general public, especially to those, who are financially or socially disadvantaged.

2. Customer Identification Procedures

The Company’s adopted Customer Identification Procedure shall be carried out at different stages, i.e. while establishing an account relationship; carrying out a financial transaction or when the Company has doubt about the authenticity/veracity or the adequacy of the previously obtained customer identification data.

Customer Identification means identifying the customer and verifying his/ her identity by using reliable, independent source documents, data or information.

SFPL needs the following necessary information to establish, to its satisfaction, the identity of each new customer, whether regular or occasional and the purpose of the intended nature of relationship.

Being satisfied means that the Company must be able to satisfy the competent authorities like the RBI, MCA etc. that due diligence was observed based on the risk profile of the customer in compliance with the extant guidelines in place.

Besides risk perception, the nature of information/documents required will also depend on the type of customer.

In compliance with the regulatory norms, the Company will take reasonable measures to identify the beneficial owner(s) and verify his/her/their identity in a manner so that it is satisfied that it knows who the beneficial owner(s) is/are.

The Company will ensure that the identity of the customer, including beneficial owner is done based on disclosures by the customers themselves.

The Company will also comply with Section 11 of PML Act, 2002 to verify the identity of its customers and beneficial owners.

CDD in case of new customer on-boarding for individual customers, proprietor in case of proprietorship firm, authorised signatories and Beneficial Owners (BOs) in case of Legal Entity (LE) customers.

Provided that in case of CDD of a proprietorship firm, the Company shall also obtain the equivalent e-document of the activity proofs with respect to the proprietorship firm, as mentioned in list of documents given under Annexure-A, apart from undertaking CDD of the proprietor.

An indicative list of the nature and type of documents/information that will be relied upon for customer identification are provided as Annexure-A.

CUSTOMER DUE DILIGENCE PROCEDURES (“CDD”)

The true identity and bonafide of the existing customers and new potential customers opening loan accounts with the Company and obtaining basic background information would be of paramount importance.

Procedure for Obtaining Identification Information

For undertaking CDD, the Company will obtain the information from an individual, Sole Proprietary Firms, partnership firms and Legal Entities while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorized signatory, or the power of attorney holder related to any legal entity. A detailed procedure to be followed by the Company is attached as Annexure-B.

RISK PROFILING

• “SFPL” to devise a procedure for creating Risk Profiles of their new customers based on risk categorization. The Company shall categorize the customers according to the risk perceived to facilitate undertaking due diligence for the purpose of risk categorization. The customer profile shall contain amongst others information relating to the customer’s identity, social/ financial status, nature of the business activity, information about the customer’ clients’ business and their location, etc.
• Further, the Company shall seek information from its customers which is relevant for the loan and is in conformity with the guidelines. The customer’s profile with the Company shall remain a confidential document and the information shall not be divulged for cross-selling or any other purpose.
• The Company will apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive ‘due diligence' for higher risk customers, especially those for whom the sources of funds are not clear. Examples of customers requiring higher due diligence may include:

• Non-face to face customers, and
• Those with dubious reputation as per public information available.

• The extent of due diligence requirement will vary from case to case as the same will depend upon risk perceived by the Company while granting credit facilities to customers.
• For the purpose of preparing customer profile only such relevant information from the customers will be sought based on which the Company can easily decide about the risk category in which the customers are to be placed.
• “SFPL” has formulated an indicative list of customers and their respective risk categories. The same is attached as Annexure-C to this Policy.

Monitoring of Transactions

Ongoing monitoring is an essential element of effective KYC procedures. The Company can effectively control and reduce its risk only if it has an understanding of the normal and reasonable activity of the customer so that it can identify transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of the account. Since the Company may not have any deposit accounts, this situation will not arise, but the Company shall pay special attention to depleting financial ratios, adequacy of collaterals etc. The Company will put in place a system of half-yearly review of risk categorization of all outstanding accounts and the need for applying enhanced due diligence measures.

The Company must pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. The Company must also have an understanding of the normal and reasonable activity of the customer so that they have the means of identifying transactions that fall outside the regular pattern of activity in order to effectively control and reduce the risk. Transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer should be noted and must be reported.

The Company will ensure that record of transactions in the accounts is preserved and maintained as required under Section 12 of the PML Act, 2002 and Rule 3, 4, and 5 of the PMLA Rules 2005 (Refer Point 8 for maintenance of records and Point 9 for preservation of records under the PML Act) in a separate register at the registered office of the Company in physical or electronic form and make it available to the regulatory and investigating authorities. It will also ensure that transactions of suspicious nature and/or any other type of transaction notified under section 12 of the PML Act, 2002, and Rules 3, 4, and 5 of the PMLA Rules, 2005 is reported to the appropriate law enforcement authority.

PERIODIC UPDATION OF KYC

• As per the requirement of the amended Master Direction on KYC dated 10th May 2021, the Company has adopted a risk-based approach for periodic updation of KYC in the following manner:

S.No.	Basis Risk category	Frequency
1.	High risk customers	Once every two years from the date of opening of the account / last KYC updation
2.	Medium risk customers	Once every eight years from the date of opening of the account / last KYC updation
3.	Low risk customers	Once  every ten years from the date of opening of the account / last KYC updation

• The company shall obtain self-declaration from Individual customers and non- Individual customers in case of no change in their KYC details. However, in case of change in address of individual customer a self-declaration of such change and proof of new address to be obtained from customer’s registered email id and the declared address shall be verified through positive confirmation within two months, by means such as address verification letter, contact point verification, deliverables etc.
• The Company may obtain a copy of OVD or deemed OVD or the equivalent e-documents thereof, as defined in Section 3(a)(xiii) of Master Direction on KYC, for the purpose of proof of address, declared by the customer at the time of periodic updation.
• In case of change in KYC information of non-individual customer, the Company shall undertake a KYC process which shall be equivalent to on-boarding a new customer.

MAINTENANCE OF RECORDS OF TRANSACTIONS AND REPORTING

“SFPL” has a system of maintaining a proper record of transactions prescribed under Rule 3 of PMLA rules and transaction, procedure, manner of maintaining transactions, and manner of furnishing prescribed under rule 3, 4, 5, 6, 7 and 8 of PML Rules 2005 mentioned below:

1. All cash transactions of the value of more than rupees ten lakh or its equivalent in foreign currency;
2. All series of cash transactions integrally connected to each other which have been valued below rupees ten lakh or its equivalent in foreign currency where such series of transactions have taken place within a month and the aggregate value of such transactions exceeds rupees ten lakh;
3. All transactions involving receipts by non-profit organizations of rupees ten lakhs or its equivalent in foreign currency;
4. All suspicious transactions, where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security has taken place;
5. All suspicious transactions whether or not made in cash and by way of as mentioned in the Rules.

The records shall be preserved in the following manner:

1. The nature of transactions
2. The amount of the transaction and the currency in which it was denominated
3. The date on which the transaction was conducted
4. The parties to the transaction

The information in respect of the transactions referred to in clauses I, II and III referred above will be submitted to the Director – FIU every month by the 15th day of the succeeding month.

The information in respect of the transactions referred to in clause IV referred above will be furnished promptly to the Director – FIU in writing, or by fax or by electronic mail not later than seven working days from the date on being satisfied that the transaction is suspicious.

The information in respect of the transactions referred to in clause V referred above will be furnished promptly by the Director – FIU in writing, or by fax or by electronic mail not later than seven working days on being satisfied that transaction is suspicious.

Strict confidentiality will be maintained by the Company and its employees regarding the fact of furnishing/reporting details of such suspicious transactions.

As advised by the FIU-IND, New Delhi; the Company will not be required to submit 'NIL' reports in case there are no Cash / Suspicious Transactions, during a particular period.

The required information will be furnished by the Company directly to the FIU-IND, through the designated Principal Officer.

REPORTING REQUIREMENTS TO FINANCIAL INTELLIGENCE UNIT – INDIA

SFPL shall furnish to the Director, Financial Intelligence Unit-India (FIU-IND), information referred to in Rule 3 of the PML (Maintenance of Records) Rules, 2005 in terms of Rule 7 thereof.

Explanation: In terms of Third Amendment Rules notified September 22, 2015 regarding amendment to sub rule 3 and 4 of rule 7, Director, FIU-IND shall have powers to issue guidelines to the REs for detecting transactions referred to in various clauses of sub-rule (1) of rule 3, to direct them about the form of furnishing information and to specify the procedure and the manner of furnishing information.

The reporting formats and comprehensive reporting format guide prescribed/ released by FIU-IND and Report Generation Utility and Report Validation Utility developed to assist reporting entities in the preparation of prescribed reports shall be taken note of. The editable electronic utilities to file electronic Cash Transaction Reports (CTR) / Suspicious Transaction Reports (STR) which FIU-IND has placed on its website shall be made use of by REs which are yet to install/adopt suitable technological tools for extracting CTR/STR from their live transaction data. The Company’s Principal Officers, whose all branches are not fully computerised, shall have suitable arrangement to cull out the transaction details from branches which are not yet computerized and to feed the data into an electronic file with the help of the editable electronic utilities of CTR/STR as have been made available by FIU-IND on its website http://fiuindia.gov.in.

While furnishing information to the Director, FIU-IND, delay of each day in not reporting a transaction or delay of each day in rectifying a misrepresented transaction beyond the time limit as specified in the Rule shall be constituted as a separate violation. The Company shall not put any restriction on operations in the accounts where an STR has been filed. The Company shall keep the fact of furnishing of STR strictly confidential. It shall be ensured that there is no tipping off to the customer at any level.

However, robust software throwing alerts when the transactions are inconsistent with risk categorization and updated profile of the customers shall be put in to use as a part of effective identification and reporting of suspicious transactions.

The Principal Officer can also report information relating to cash and suspicious transactions if detected, to the Director, Financial Intelligence Unit-India (FIU-IND) as advised in terms of the PML rules, 2005 in the prescribed formats at the following address:

Director, FIU-IND,

Financial Intelligence Unit, India,

6th Floor, Hotel Samrat, Chanakyapuri,

New Delhi – 110021

A copy of information furnished shall be retained by the Principal Officer for the purposes of official record.

The Company shall keep the fact of furnishing of STR strictly confidential. It shall be ensured that there is no tipping off to the customer at any level.

However, robust software throwing alerts when the transactions are inconsistent with risk categorization and updated profile of the customers shall be put in to use as a part of effective identification and reporting of suspicious transactions.

3. Risk Management

The Board of Directors of “SFPL” has ensured that an effective KYC program is in place and established appropriate procedures, while constantly overseeing its effective implementation. The programme covers proper management oversight, systems and controls, segregation of duties, training and other related matters. Responsibility has been explicitly allocated within the Company to ensure that its policies and procedures are implemented effectively. The Board of the Company has devised procedures for creating Risk Profiles of new customers and will apply various Anti Money Laundering measures keeping in view the risks involved in a transaction, account or business relationship.

The Company’s internal control and compliance functions have an important role in evaluating and ensuring adherence to the KYC policies and procedures. The compliance function will provide an independent evaluation of the Company’s policies and procedures, including legal and regulatory requirements.

“SFPL” will ensure that its internal control systems and machinery are staffed adequately with individuals who are well-versed in such policies and procedures or hire the services of a reputed Company engaged in providing quality services in the said field. The Company will specifically check and verify the application of KYC procedures and comment on the lapses observed in this regard. The compliance in this regard will be presented before the Board at quarterly intervals.

The Company will have an ongoing (at regular intervals) employee training program so that members of the staff are adequately trained in KYC procedures. Training requirements will have different focuses for frontline staff, compliance staff and staff dealing with new customers.

For Risk Management, SFPL will have a risk-based approach that includes the following:

1. Customers shall be categorized as low, medium and high-risk category, based on the assessment and risk perception of the Company.
2. Each customer will be allotted a Unique Customer Identification Number (UCIN) at the time of sanction of loan by the Company.
3. Risk categorisation shall be undertaken based on parameters such as customer’s identity, social/financial status, nature of business activity, and information about the clients’ business and their location, etc. Provided that other information collected from different categories of customers relating to the perceived risk is non-intrusive and the same is specified in the KYC policy.

5. DESIGNATED DIRECTOR

SFPL shall appoint ‘Designated Director’ who will be responsible for overall compliance with the obligation imposed under Chapter IV of the PML Act.

6 PRINCIPAL OFFICER

SFPL shall appoint ‘Principal Officer’ who will be responsible for reporting all transactions and sharing of information. He/ She will also be responsible to ensure that proper steps are e taken to fix accountability for serious lapses and intentional contraventions of the KYC guidelines

7. MONEY LAUNDERING AND TERRORIST FINANCING RISK ASSESSMENT

1. The Company shall carry out ‘Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment’ exercise periodically to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions or delivery channels, etc. The assessment process will consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied. While preparing the internal risk assessment, the Company will take cognizance of the overall sector-specific vulnerabilities, if any, that the regulator/supervisor may share with the Company from time to time.
2. The risk assessment exercise by the Company shall be properly documented and be proportionate to the nature, size, geographical presence, complexity of activities/structure, etc. of the Company. Further, the periodicity of risk assessment exercise shall be determined by the Board of the company, in alignment with the outcome of the risk assessment exercise. However, it will be reviewed at least annually.
3. The outcome of the exercise shall be put up to the Board or any committee of the Board to which power in this regard has been delegated and will be available to competent authorities and self-regulating bodies.
4. The Company shall apply a Risk Based Approach (RBA) for mitigation and management of the identified risk and have Board approved policies, controls and procedures in this regard. Further, the company shall monitor the implementation of the controls and enhance them if necessary.

5. The Company shall monitor the implementation of the controls and enhance them if necessary.

8. DUE DILIGENCE OF BUSINESS PARTNERS

The following due diligence must also be performed on prospective Business Partners.

A) Verify Identity:

I. Obtain and file legible copies of corporate formation and registration documents or public company prospectuses and government filings.

ii. PAN card of the Directors etc.

iii. Wherever possible (in the case of privately owned entities), arrange for a recommendation from legal counsel to the company.

iv. Wherever possible (in the case of privately owned entities), obtain from appropriate government entity confirmation of due incorporation and existence of the corporation.

v. Wherever possible (in the case of privately owned entities), Verify the identity of All directors, Shareholders, UBO of body corporate through various online sources.

B) Verify Source of Income:

i. Research for the Company details in available news or business databases and obtain all corporate earnings information available.

The Company shall maintain files on each Business Partner with copies of all data obtained and memorialize in writing all the verification efforts. These files may be maintained electronically and should be accessible quickly when needed.

8.  IDENTIFICATION OF BENEFICIAL OWNERSHIP

The Company will determine the beneficial ownership and controlling interest in case of applicants who are not individuals and the KYC of the beneficial owners will be completed. In the case of beneficial owners, Yes/No authentication provided by UIDAI shall suffice.

Applicable	Guidelines
Where the client is a company	The beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has a controlling ownership interest or who exercises control through other means.	a. Ownership of/entitlement to more than 25 % of shares or capital or profits of the company b. Control shall include the right to appoint majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or voting agreements
Where the client is a partnership firm or a company	The beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person	Ownership of/entitlement to more than 15% of the capital or profits of the partnership.
Where no natural person is identified under (i) or (ii) above	The beneficial owner is the relevant natural person who holds the position of senior managing official

There are certain indicative guidelines issued by RBI from time to time for customer identification requirements for matters such as Trust / Nominee or Fiduciary Accounts, Accounts of companies & firms, Client Accounts opened by professional intermediaries, Accounts of Politically Exposed Persons resident outside India and Accounts of non-face-to-face customers. The Company will adhere to these guidelines to the extent applicable.

9. RECORDS RETENTION

Records pertaining to the identification of the customer and their address obtained while opening their account and during the course of the business relationship will be preserved in accordance with the Section 12 of the PLM Act, 2002. The provision specifies for retention of records for a period of at least five years after the business relationship has ended in case of all transactions related to the individuals, or for at least five years from the date of the transaction between a client and the reporting entity in case of evidencing identity of its clients and beneficial owners.

10.  REPORTING TO CENTRAL KYC REGISTRY (CKYCR)

The customer KYC information will be shared with the CKYCR in the manner mentioned in the RBI Directions in the RBI’s KYC templates prepared for ‘individuals’ and ‘Legal Entities (LE)’ as the case may be with Central Registry of Securitization Asset Reconstruction and Security Interest of India (CERSAI).

The customer information related to LEs (Legal Entities) will be submitted to CKYCR for accounts of LEs (Legal Entities) opened on or after the commencement of NBFI business activities.

Further, during periodic updation, customers’ KYC details will be migrated to current Customer Due Diligence (CDD) standards.

If a customer submits KYC Identifier, with explicit consent to download records from CKYCR, KYC records could be retrieved online from CKYCR and the customer will not be required to submit any KYC records unless in the following events:

1. There is a change in information of customer as existing in the records of CKYCR;
2. The current address of customer needs to be verified;
3. It is considered necessary to verify identity or address of customer, or to perform enhanced due diligence or to build an appropriate risk profile of the client.

 KYC Identifier generated by CKYCR will be communicated to the Individual/LE.

11. GENERAL

The Company shall ensure that the provisions of KYC master direction, PMLA and the Rules framed thereunder and the Foreign Contribution and Regulation Act, 1976, wherever applicable, are adhered to strictly. Where the Company is unable to apply appropriate KYC measures due to non-furnishing of information and /or non-cooperation by the customer, the Company may consider closing the account or terminating the business relationship after issuing due notice to the customer explaining the reasons for taking such a decision. Such decisions need to be taken at a reasonably senior level.

ANNEXURE-A

List of KYC Documents for Different Types of Customers

Type of Customer	Type of Proof	Documents
Accounts of individuals	Proof of Identity	Copy of Pan Card or If a pan card is not available then Form 60
	Proof of address Along with the two latest passport size photographs	i) Passport (ii) Voter’s Identity Card (iii) Driving license (iv) proof of possession of Aadhaar number (iv) Job card issued by NREGA duly signed by an officer of the State Government (v) Identity card (subject to the bank’s satisfaction) If above submitted documents does not have updated address then following documents or the equivalent e-documents need to submit: (i) Utility bill (electricity, telephone, post-paid mobile phone, piped gas, water bill); is not more than two months old of any service provider (ii) property or Municipal tax receipt;  (iii) pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;  (iv) letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies.
Accounts of Proprietary Concerns
-Name, Address and Activity of the Proprietary Concern.		Proprietor documents: Pan card Address proof as applicable for an individual account. the two latest passport size photographs. Entity documents:  Proof of the name, address and activity of the entity, like GST certificate or Shop & establishment license or Any registration/licensing document issued in the name of the proprietary concern by the Central Government or State Government Authority/Department. The Company may also accept IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT as an identity document for opening of account. The complete Income Tax return (not just the acknowledgement) in the name of the sole proprietor where the firm's income is reflected duly authenticated/ acknowledged by the Income Tax Authorities Utility bills such as electricity, water, and landline telephone bills in the name of the proprietary concern.
Accounts of partnership firms
– Legal name – Address – Names of all partners and their addresses -Telephone numbers of the firm and partners		Documents of partner: (i) Pan card of all the partners. Address proof as applicable for an individual account. The two latest passport size photographs. Partnership firm Documents: (i) Permanent Account Number of the partnership firm; (ii)  Proof of the name, address and activity of the entity, like GST certificate or Shop & establishment license or Any registration/licensing document issued in the name of the partnership firm by the Central Government or State Government Authority/Department.  (ii) Partnership deed (iii) Authority Letter signed by all the partners. (iv) The complete Income Tax return of last three years if it is applicable or such lesser period (not just the acknowledgement) in the where the firm's income is reflected duly authenticated/ acknowledged by the Income Tax Authorities. (v) Utility bills such as electricity, water, and landline telephone bills in the name of the partnership firm.  (vi) Any other prescribed equivalent e-documents.
Accounts of companies
– Legal name – Address – Names of all partners and their addresses – -Telephone numbers of the firm and partners		(i) Basic documents of company i.e.  Certificate of incorporation, Memorandum & Articles of Association, Permanent Account Number of the company & Any license or registration certificate by central government state government or any  regulatory authority of India. (ii) Resolution by the Board of Directors to obtain a loan from SFPL and authority to any director or employee to act on behalf of the company. (iii) One Proof of identity (PAN CARD), Proof of address, and a Colored recent passport size photograph of the authorized person. (iv) List of Directors as on date. (v) List of Shareholders. (vi) Financials statement along with the statutory company’s auditor report of the latest preceding completed financial year. (vii) Income tax return of last 3 years or such a lesser period as may be applicable along with the Tax audit report. (viii) Any other prescribed equivalent e-documents.

ANNEXURE-B

Procedure for Obtaining Identification Information for Undertaking CDD

The Company shall obtain the following information from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorized signatory or the power of attorney holder related to any legal entity:

1. From an individual who is eligible for enrolment of Aadhaar, the Aadhaar number; the Permanent Account Number (PAN) or the equivalent e-document thereof or Form No. 60 as defined in Income Tax Rules, 1962, as amended from time to time, the proof of possession of Aadhaar number where offline verification can be carried out or not; and such other documents including in respect of the nature of business and financial status of the client, or the equivalent e-documents thereof as may be required by the company.

Provided, where an Aadhaar number has not been assigned to an individual, proof of application of enrolment for Aadhaar shall be obtained wherein the enrolment is not older than 6 months and in case PAN is not submitted, certified copy of an OVD or the equivalent e-document thereof containing details of identity and address and two recent photograph shall be obtained.

Provided that where the customer has submitted:

1. Aadhaar number as mentioned above to the Company, the Company shall carry out authentication of the customer’s Aadhaar number using e-KYC authentication facility provided by the Unique Identification Authority of India.
2. Proof of possession of Aadhaar where offline verification can be carried out, the company shall carry out offline verification.
3. Equivalent e-document of any OVD, the company shall verify the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000) and any rules issued there under and take a live photo as specified under Annex I of the Master Direction.
4. Proof of possession of Aadhaar number where offline verification cannot be carried out, the company shall carry out verification through an application developed by RE or through his lending service partner or technology partner for this purpose.

“Explanation- Obtaining a certified copy by reporting entity shall mean comparing the copy of officially valid document so produced by the client with the original and recording the same on the copy by the authorised officer of the reporting entity”

Provided further, that from an individual, is not a resident or is a resident in the State of Jammu and Kashmir or Assam or Meghalaya, and does not submit the Permanent Account Number where its client submits his Aadhaar number, ensure such client to redact or blackout his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required under sub-rule (15).

Provided that in case the OVD submitted by a foreign national does not contain the details of address, in such case the documents issued by the Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address.

Explanation 1: Aadhaar number shall not be sought from individuals who are not ‘residents’ as defined under these Directions.

Explanation 2: Customers, at their option, shall submit one of the five OVDs.

Explanation 3: Equivalent e-document has also been permitted for accounts of the non-individual customer.

2. In case the identity information relating to the Aadhaar number or Permanent Account Number submitted by the customer does not have a current address, other current address proof defined under Annexure-A shall be obtained from the customer for this purpose.

Provided that the client shall submit updated officially valid document with a current address within a period of three months of submitting the above documents.”

3. The Company, at the time of receipt of the Aadhaar number, shall carry out, with the explicit consent of the customer, e-KYC authentication (biometric or OTP based) or Yes/No authentication.

Provided:

1. Yes/No authentication shall not be carried out while establishing an account-based relationship.
2. In case of existing accounts where Yes/No authentication is carried out, the Company shall ensure to carry out biometric or OTP based e-KYC authentication within a period of six months after carrying out yes/no authentication.
3. Yes/No authentication in respect of beneficial owners of a legal entity shall suffice in respect of existing accounts or while establishing an account-based relationship.
4. Where OTP based authentication is performed in ‘non-face to face’ mode for opening new accounts, the limitations as specified in Section 17 shall be applied.
5. Biometric based e-KYC authentication can be done by bank official/business correspondents/business facilitators/ Biometric enabled ATMs.

Explanation 1: While seeking explicit consent of the customer, the consent provisions as specified in Section 5 and 6 of the Aadhaar (Authentication) Regulations, 2016, shall be observed.

Explanation 2: REs shall allow the authentication to be done at any of their branches.

(d)        Account may be opened using OTP based e-KYC in non-face to face mode, are also accepted subject to certain conditions.

1)        There must be a specific consent from the Customer for authentication through OTP;

2)        As regards to borrowal accounts, only term loans shall be sanctioned. The aggregate amount of term loans sanctioned in a year shall not exceed rupees sixty thousand in a financial year;

3)        A declaration shall be obtained from the customer to the effect that no other account has been opened nor will be opened using OTP based KYC either with the Company or with any other financial institution.

(e) If the aggregate of borrowal amount of the single borrower, in one or more tranches, is exceeded rupees sixty thousand in a financial year, then the Company shall carry the CDD by using physical mode or Video based Customer Identification Process (V-CIP), as per procedure mentioned in Annexure-1

4. The customer shall submit Permanent Account Number or Form No. 60, , the Permanent Account Number/ form 60 at the time of commencement of an account-based relationship with the Company, the Customer shall submit the same within a period of six months from the date of the commencement of the account based relationship. In case the customer fails to submit Permanent Account Number/Form 60 within the aforesaid six months period, the said account shall cease to be operational till the time Permanent Account Number/ Form 60 is submitted by the customer.

Explanation: In case of asset accounts such as loan accounts, for the purpose of ceasing the operation in the account, only credits shall be allowed.

5. The Company shall duly inform the customer about this provision while opening the account.
6. The customer, shall submit the Permanent Account Number, except one who is a not a resident or resident in the State of Jammu and Kashmir or Assam or Meghalaya, already having an account based relationship with the Company, shall submit his Permanent Account Number or Form No.60, on such date as may be notified by the Central Government, failing which the account shall temporarily cease to be operational till the time the Permanent Account Number or Form No. 60 is submitted by the client:

Provided that before temporarily ceasing operations for an account, the reporting entity shall give the client an accessible notice and a reasonable opportunity to be heard.

Explanation– For the purpose of this clause, “temporary ceasing of operations” in relation an account means the temporary suspension of all transactions or activities in relation to that account by the reporting entity till such time the client complies with the provisions of this clause;

7. If a client has an existing account based relationship with a reporting entity, gives in writing to the reporting entity that he does not want to submit his Permanent Account Number or Form No.60, as the case may be, the client’s account with the reporting entity shall be closed and all obligations due in relation to the account shall be appropriately settled after establishing the identity of the client in the manner as may be determined by the regulator.

Provided that the Company shall serve a notice for the compliance before such date.

8. The Company shall ensure that introduction is not to be sought while opening accounts.
9. Lastly, in case where the individual is a prisoner in a jail, the signature or thumb print shall be affixed in presence of the officer in-charge of the jail and the said officer shall certify the same under his signature. Further, the account shall remain operational only on annual submission of certificate of proof of address issued by the officer in-charge of the jail.

ANNEXURE-C

Indicative List for Risk Categorization

Low-Risk Customers	Medium-Risk Customers	High-Risk Customers
customers whose identities and sources of wealth can be easily identified and by and large conform to the known customer profile, In such cases, only the basic requirements of verifying the identity and location of the customer are to be met.	Stock brokerage; Import/Export; Gas Station; Car/Boat/Plane Dealership; Electronics (wholesale); Travel Agency; Telemarketers; Providers of telecommunications service, internet café, International direct dialling (IDD) call service.	High net worth individuals; Individuals with dubious reputation as per public information available or commercially available watch lists. Non-face-to-face customers. Politically exposed persons (PEPs) or Customers who are close relatives of PEPs. Individuals specifically identified by regulators, FIU and other competent authorities as high-risk. Firms with 'sleeping partners'; Complex business ownership structures, which can make it easier to conceal underlying beneficiaries, where there is no legitimate commercial rationale; Shell companies which have no physical presence in branch locations. The existence simply of a local agent or low-level staff does not constitute physical presence; Trusts, charities, NGOs/ unregulated clubs and organizations receiving donations