KNOW YOUR CUSTOMER (KYC) & ANTI-MONEY LAUNDERING (AML) POLICY

R.K. Bansal Finance Pvt. Ltd.

(This policy was reviewed and approved by the Board of Directors in the Board Meeting held on April 21, 2025.)

Document Details

1. Preamble

R.K. Bansal Finance Private Limited ("RKBFL" / "the Company"), being a Base Layer Non-Banking Financial Company (NBFC) registered with the Reserve Bank of India (RBI), engaged in the business of Payday Loans, EMI-based Loans, Loan Against Property (LAP) and other business loans, recognizes its responsibility to prevent misuse of its financial services for money laundering, terrorist financing and other unlawful activities.

Accordingly, this Know Your Customer (KYC) and Anti-Money Laundering (AML) Policy is formulated in compliance with:

• RBI Master Direction – Know Your Customer (KYC) Directions, 2016 (as amended from time to time)
• Prevention of Money Laundering Act, 2002 (PMLA)
• PML (Maintenance of Records) Rules, 2005
• RBI Guidelines for NBFCs (Base Layer)
• FATF Recommendations

This Policy lays down principles, systems, procedures and internal controls to ensure strong customer identification, risk mitigation, due diligence and monitoring.

2. Objectives

The objectives of this Policy are:

• To prevent the Company from being used knowingly or unknowingly for money laundering or terrorist financing activities.
• To ensure the Company understands its customers, their financial behavior and associated risks.
• To promote ethical conduct and transparency in business relationships.
• To comply with legal and regulatory requirements under RBI and PMLA framework.
• To define procedures for detection and reporting of suspicious activities.

3. Applicability

It may be noted that KYC – AML policy as stated in this document shall prevail over anything else contained in any other document / process/circular/letter/instruction of the Company in this regard (KYC-AML). This policy shall be applicable to all verticals/products of the Company whether existing or to be rolled out in future.

4. Definitions

• "Aadhaar number" shall have the meaning assigned to it in clause (a) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016)
• "Authentication", in the context of Aadhaar authentication, means the process as defined under sub-section (c) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.
• "Customer" means a person who is engaged in a financial transaction or activity with the Company and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting
• "Act" and "Rules" means the Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, respectively and amendments thereto.
• "Customer Due Diligence (CDD)" means identifying and verifying the customer and the beneficial owner
• "Central KYC Records Registry" (CKYCR) means an entity defined under Rule 2(1) (aa) of the Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer
• "RamFincorp" means mobile based applications, products of the Company, which provides instant personal loan to the approved end user customers of the Company
• "Designated Director" means a person designated by the Company to ensure overall compliance with the obligations imposed under Chapter IV of the Act and the Rules and shall include Managing Director or a whole-time director, duly authorized by the Board
• "Digital KYC" means the capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorized officer of the RE as per the provisions contained in the Act.
• "Digital Signature" shall have the same meaning as assigned to it in clause (p) of subsection (1) of section (2) of the Information Technology Act, 2000 (21 of 2000).
• "Equivalent e-document" means an electronic equivalent of a document, issued by the issuing authority of such document with its valid digital signature including documents issued to the digital locker account of the customer as per rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016.
• "Know Your Client (KYC) Identifier" means the unique number or code assigned to a customer by the Central KYC Records Registry.
• "Officially Valid Document" (OVD) means the passport, the driving license, proof of possession of Aadhaar card, the Voter's Identity Card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address. Provided that, where the customer submits his proof of possession of Aadhaar as an OVD, he may submit it in such form as issued by the Unique Identification Authority of India.
• "Principal Officer" means an officer nominated by the Company, responsible for furnishing information as per rule 8 of the Rules
• "Transaction" means a purchase, sale, loan, pledge, gift, transfer, delivery or the arrangement thereof and includes:
  • opening of an account;
  • deposit, withdrawal, exchange or transfer of funds in whatever currency, whether in cash or by cheque, payment order or other instruments or by electronic or other non-physical means;
  • the use of a safety deposit box or any other form of safe deposit;
  • entering into any fiduciary relationship;
  • any payment made or received, in whole or in part, for any contractual or other legal obligation; or
  • establishing or creating a legal person or legal arrangement
• "Video based Customer Identification Process (V-CIP)": a method of customer identification by an official of the Company by undertaking seamless, secure, real-time, consent based audio-visual interaction with the customer to obtain identification information including the documents required for CDD purpose, and to ascertain the veracity of the information furnished by the customer. Such process shall be treated as face-to-face process for the purpose of this KYC Policy.

5. Appointment of Principal Officer

Company shall designate an officer nominated by the Company as 'Principal Officer' (PO) who shall be responsible for monitoring and reporting of all transactions and sharing of information as required under the Act. PO shall maintain close liaison with enforcement agencies, NBFCs and any other institution which are involved in the fight against money laundering and CFT. The name, designation & address of the PO shall be communicated to FIU-IND and/or the department concerned of the RBI.

6. Compliance Structure

a) Senior Management Responsibility

Senior Management including Directors, Presidents and Compliance Head shall be responsible for policy implementation and operational adherence.

b) Training & Awareness

Periodic AML/KYC training shall be conducted for employees appropriate to their roles.

7. Key Elements of KYC Policy

The KYC Policy consists of:

1. Customer Acceptance Policy (CAP)
2. Customer Identification Procedure (CIP)
3. Customer Due Diligence (CDD)
4. Ongoing Due Diligence
5. Monitoring of Transactions
6. Record Maintenance
7. Reporting Mechanism

8. Customer Acceptance Policy

The Customer Acceptance Policy of the Company is aimed at ensuring that explicit guidelines are in place on the following aspects of customer relationship with the Company:

• No loan account will be opened and / or money will be disbursed in a name which is anonymous or fictitious/ benami name or appears to be borrowed.
• Accept customer only after verifying their identity, as per CDD, and if the Company is unable to apply appropriate CDD measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer then no account will be opened.
• No Transaction or account-based relationship is undertaken without following the CDD procedure.
• The mandatory information to be sought for KYC purpose while opening an account and during the periodic updation, as specified.
• Optional/ additional information is obtained with the explicit consent of the customer after the account is opened.
• Circumstances, in which a customer is permitted to act on behalf of another person/entity, shall be clearly spelt out in conformity with the established law and practices, as there could be occasions when an account is operated by a mandate holder or where an account may be opened by intermediary in a fiduciary capacity.
• Suitable system shall be put in place to ensure that the identity of the customer does not match with any person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India.

Subject to the above-mentioned norms and caution, at the same time all the employees of Company will also ensure that the above norms and safeguards do not result in any kind of harassment or inconvenience to bona fide and genuine customers who should not feel discouraged while dealing with the Company.

It is important to bear in mind that the adoption of Customer Acceptance Policy and its implementation should not become too restrictive and must not result in denial of the company's services to general public, especially to those, who are financially or socially disadvantaged.

9. Customer Identification Procedure (CIP)

Customer identification means identifying and undertaking Customer Due Diligence (CDD) of the Customer and verifying his / her identity by using reliable, independent source documents, data or information. The Company needs to obtain enough information necessary to establish, to their satisfaction and as required by applicable law, the identity of each new customer, whether regular or occasional and the purpose of the intended nature of relationship.

KYC verification may be conducted through:

• Physical Verification
• Video-Based KYC (V-CIP)
• Digital KYC

OVDs and PAN verification shall be mandatory.

When the Company has a doubt about the authenticity or adequacy of the customer identification data obtained by the Company. Customer identification means identifying the customer and verifying his/ her/ its identity by using reliable, independent source documents, data or information.

10. Customer Due Diligence (CDD)

CDD involves:

• Identity verification
• Address proof
• Beneficial owner identification
• Source of funds verification
• Purpose of relationship assessment

Enhanced Due Diligence includes:

• Higher monitoring frequency
• Senior management approval

11. Ongoing Due Diligence

Includes:

• Periodic customer data updates
• Review of account activity
• Compliance checks
• Monitoring of unusual patterns

12. Transaction Monitoring

Ongoing monitoring is an essential element of effective KYC procedures. The officials have to effectively control and reduce the risk by having an understanding of the normal and reasonable activity of the customer so that they have the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of each account. Officials should pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose.

The Company may prescribe threshold limits for a particular category of accounts and pay particular attention to the transactions which exceed these limits. Transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer should particularly attract the attention of the officials. Very high account turnover inconsistent with the means of the customer may indicate that funds are being 'washed' through/into the account. High-risk accounts have to be subjected to intensified monitoring. The Company should put in place a system of periodical review of risk categorization of accounts and apply enhanced due diligence measures wherever required.

Suspicious transactions are flagged based on:

• Unusual repayment behavior
• Structuring transactions
• Sudden loan closures by cash

13. Reporting to Financial Intelligence Unit-India

As required in Section 12 of the Act the company has to report information of transaction referred to in clause (a) of sub-section (1) of section 12 read with Rule 3 of the Rules relating to cash and suspicious transactions etc. to the Director, Financial Intelligence Unit-India (FIU-IND). The proviso to the said section also provides that where the principal officer has reason to believe that a single transaction or series of transactions integrally connected to each other have been valued below the prescribed value so as to defeat the provisions of this section, such officer shall furnish information in respect of such transactions to the director of FIU-IND within the prescribed time.

The information has to be furnished at the following address by the Principal Officer:

Director, FIU-IND,
Financial Intelligence Unit-India,
6th Floor, Hotel Samrat, Chanakyapuri,
New Delhi-110021.

A copy of information furnished shall be retained by the Principal Officer for the purposes of official record.

The information in respect of the transactions referred to in clause(A), (B) and (BA) of sub-rule (1) of rule 3 of the PML Rules is to be submitted to the Director every month by the 15th day of the succeeding month.

It has to be noted that in terms of Rule 8, while furnishing of information to the Director FIU-IND, delay of each day in not reporting a transaction or delay of each day in rectifying a misrepresented transaction beyond the time limit as specified in this rule shall constitute a separate violation. As advised by the FIU-IND, New Delhi the Company need not submit 'NIL' reports in case there are no Cash/Suspicious Transactions, during a particular period.

14. Record Management

Records shall be retained for a minimum of 5 years after customer relationship termination.

15. Reporting Obligations

The Company shall report:

• STR (Suspicious Transaction Report)
• CTR (Cash Transaction Report)
• NTR (Non-Profit Organization Transaction Report)

Reports shall be submitted through the Principal Officer to FIU-IND.

16. Data Confidentiality

Customer data shall be kept confidential and used only for lawful purposes.

17. Money Laundering and Terrorist Financing Risk Assessment

• The Company shall carry out 'Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment' exercise, on annual basis, to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk as per RBI's guidelines.
• The risk assessment should be properly documented.
• The outcome of the exercise shall be put up to the Risk Management Committee, constituted by the Board of Directors to which power in this regard has been delegated, and should be available to competent authorities and self regulating bodies, if required.
• The Company shall apply a Risk Based Approach (RBA) for mitigation and management of the identified risk and should have Board approved policies, controls and procedures in this regard.
• The Company shall monitor the implementation of the controls and enhance them if necessary.

18. Review & Amendment

This Policy shall be reviewed annually or upon regulatory changes.