1. PRELIMINARY, APPLICABILITY, AND DEFINITIONS:
1. Purpose and Short TitleThis document shall be known as the KYC Policy of Advait Capital Private Limited (hereinafter referred to as “the Company”). This policy incorporates the principles set forth in the Reserve Bank of India (Non-Banking Financial Companies – Know Your Customer) Directions, 2025, and shall serve as the primary governing framework for customer onboarding and customer due diligence
2. Commencement
This Policy shall come into effect immediately upon approval by the Board of Directors of the Company.
3. Definitions
(i) Unless the context otherwise requires, the terms used in this Policy shall carry the meanings assigned to them under the Prevention of Money-Laundering Act, 2002 (PMLA) and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005:‘Aadhaar number’ shall have the meaning assigned to it in clause (a) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016);
(ii) ‘Act’ and ‘Rules’ mean the Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, respectively and amendments thereto.
(iii) ‘Authentication’, in the context of Aadhaar authentication, means the process as defined under sub-section (c) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.
(iv) ‘Beneficial Owner (BO)’
(a) Where the customer is a company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical persons, has / have an controlling ownership interest or who exercises control through other means. Explanation: For the purpose of this sub-clause
- ‘Controlling ownership interest’ means ownership of / entitlement to more than 10 percent of the shares or capital or profits of the company.
- ‘Control’ shall include the right to appoint the majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management
rights or shareholders agreements or voting agreements.
(b) Where the customer is a partnership firm, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person(s), has / have ownership of / entitlement to more than 10 percent of capital or profits of the partnership or who exercises control through other means.
(c) Explanation: For the purpose of this sub-clause, control’ shall include the right to control the management or policy decision. Where the customer is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has / have ownership of / entitlement to morethan 15 percent of the property or capital or profits of the unincorporated association or body of individuals. Explanation: Term ‘body of individuals’ includes societies. Where no natural person is identified under (a), (b) or (c) above, the beneficial owner is the relevant natural person who holds the position of senior managing official.
(d) Where the customer is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with 10 percent or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership
v) ‘Certified Copy’ – Company obtaining the certified copy shall mean comparing the copy of the proof of possession of Aadhaar number (where offline verification cannot be carriedout) or the officially valid document produced by the customer with the original, and an authorised officer of the Company shall record the comparison on the copy as per the provisions contained in the Act. Provided that in case of Non-Resident Indians (NRIs) and Persons of Indian Origin (PIOs), as defined in Foreign Exchange Management (Deposit) Regulations, 2016 {FEMA 5(R)}, the Company may alternatively obtain the original certified copy, certified by any one of the following:
(a) authorised officials of overseas branches of Scheduled Commercial Banks registered in India,
(b) branches of overseas banks with whom Indian banks have relationships,
(c) Notary Public abroad,
(d) Court Magistrate,
(e) Judge,
(f) Indian Embassy / Consulate General in the country where the non-resident customer resides.
(vi) ‘Central KYC Records Registry (CKYCR)’ means an entity defined under Rule 2(1) of the Rules, to receive, store, safeguard and retrieve the KYC records in digital form of a customer.
(vii) ‘Designated Director’ means a person whom the Company designates to ensure overall compliance with the obligations imposed under chapter IV of the PML Act and the Rules and
shall include the Managing Director or a whole-time Director, whom the Board of Directors has duly authorised. Explanation: For the purpose of this clause, the terms ‘Managing Director’ and ‘Whole- time Director’ shall have the meaning assigned to them in the Companies Act, 2013.
(viii) ‘Digital Signature’ shall have the same meaning as assigned to it in clause (p) of sub- section (1) of section (2) of the Information Technology Act, 2000 (21 of 2000).
(ix) ‘Equivalent e-document’ means an electronic equivalent of a document that the issuing authority of such document issues with its valid digital signature, including documents issued to the digital locker account of the customer as per rule 9 of the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016.
(x) ‘Group’ – The term ‘group’ shall have the same meaning assigned to it in clause (e) of sub-section (9) of section 286 of the Income-tax Act,1961 (43 of 1961).
(xi) ‘Know Your Client (KYC) Identifier’ means the unique number or code that the Central KYC Records Registry assigns to a customer.
(xii)‘Non-profit organisations (NPO)’ means any entity or organisation, constituted for religious or charitable purposes referred to in clause (15) of section 2 of the Income-tax Act, 1961 (43 of 1961), that is registered as a trust or a society under the Societies Registration Act, 1860 or any similar State legislation or a company registered under section 8 of the Companies Act, 2013 (18 of 2013).
(xiii) ‘Officially Valid Document (OVD)’ means the passport, the driving licence, proof of possession of Aadhaar number, the Voter’s Identity Card that the Election Commission of India issues, the job card that NREGA issues and an officer of the State Government duly signs, and the letter that the National Population Register issues containing details of name and address.
Provided that, (a) where the customer submits his proof of possession of Aadhaar number as an OVD, he may submit it in such form that the Unique Identification Authority of India (UIDAI) issues
(b) When the customer furnishes an OVD that does not have an updated address, the Company shall deem the following documents or the equivalent e-documents thereof to be OVDs for the limited purpose of proof of address:-
- utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill); property or Municipal tax receipt;
- pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
- letter of allotment of accommodation from employer that is issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector
undertakings, scheduled commercial banks, financial institutions and listed companies and leave and licence agreements with such employers allotting official accommodation;
(c) the customer shall submit OVD with current address within a period of three months of submitting the documents specified at (b) above
(d) if the OVD that a foreign national presents does not contain the details of address, the Company shall accept documents that Government departments of foreign jurisdictions issue, and a letter that the Foreign Embassy or Mission in India issues, as proof of address.
Explanation: For the purpose of this clause, the Company shall deem a document to be an OVD even if there is a change in the name subsequent to its issuance provided that it is supported by a marriage certificate that the State Government issues or a Gazette notification, indicating such a change of name.
(xiv) ‘Offline verification’ shall have the same meaning as assigned to it in clause (pa) of section 2 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and
Services) Act, 2016 (18 of 2016).
(xv) ‘Person’ has the same meaning assigned in the Act and includes:
(a) an individual,
(b) a Hindu undivided family,
(c) a company,
(d) an association of persons or a body of individuals, whether incorporated or not,
(e) every artificial juridical person, not falling within any one of the above persons (a to e), and (f) any agency, office or branch owned or controlled by any of the above persons (a to f).
(xvi) ‘Principal Officer’ means the Company nominated officer at the management level, responsible for furnishing information as per rule 8 of the Rules.
(xvii) ‘Suspicious transaction’ means a ‘transaction’ as defined below, including an attempted transaction, whether or not made in cash, which, to a person acting in good faith:
(a) gives rise to a reasonable ground of suspicion that it may involve proceeds of an offence specified in the Schedule to the Act, regardless of the value involved; or
(b) appears to be made in circumstances of unusual or unjustified complexity; or
(c) appears to have no economic rationale or bona fide purpose; or
(d) gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.
Explanation: Transaction involving financing of the activities relating to terrorism includes transaction involving funds that the Company suspects are linked or related to, or to be used for terrorism, terrorist acts or by a terrorist, terrorist organisation or those who finance or are attempting to finance terrorism.
(xviii) (1) ‘Transaction’ means a purchase, sale, loan, pledge, gift, transfer, delivery or the arrangement thereof and includes:
(a) opening of an account;
(b) deposit, withdrawal, exchange or transfer of funds in whatever currency, whether in cash or by cheque, payment order or other instruments or by electronic or other non-physical means;
(c) the use of a safety deposit box or any other form of safe deposit;
(d) entering into any fiduciary relationship;
(e) any payment made or received, in whole or in part, for any contractual or other legal obligation; or
(f) establishing or creating a legal person or legal arrangement.
(2) Unless the context otherwise requires, terms in this Policy shall bear the meanings assigned to them below:
(i) ‘Common Reporting Standards (CRS)’ means reporting standards set for implementation of multilateral agreement signed to automatically exchange information based on Article 6 of the Convention on Mutual Administrative Assistance in Tax Matters.
(ii) ‘Customer’ means a person who is engaged in a financial transaction or activity with the Company and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting.
(iii) ‘Walk-in Customer’ means a person who does not have an account-based relationship with the Company, but undertakes transactions with the Company.
(iv) ‘Customer Due Diligence (CDD)’ means identifying and verifying the customer and the beneficial owner using reliable and independent sources of identification.
Explanation: The CDD, at the time of commencement of an account-based relationship or while carrying out occasional transaction of an amount equal to or exceeding ₹50,000 whether conducted as a single transaction or several transactions that appear to be connected, or any international money transfer operations, shall include:
(a) Identification of the customer, verification of their identity using reliable and independent sources of identification, obtaining information on the purpose and intended nature of the business relationship, where applicable
(b) Taking reasonable steps to understand the nature of the customer’s business, and its ownership and control;
(c) Determining whether a customer is acting on behalf of a beneficial owner, and identifying the beneficial owner and taking all steps to verify the identity of the beneficial owner, using reliable and independent sources of identification.
(v) ‘Customer identification’ means undertaking the process of CDD.
(vi) ‘FATCA’ means Foreign Account Tax Compliance Act of the United States of America (USA) which, inter alia, requires foreign financial institutions to report about financial accounts held by U.S. taxpayers or foreign entities in which U.S. taxpayers hold a substantial ownership interest.
(vii) ‘IGA’ means Inter Governmental Agreement between the Governments of India and the USA to improve international tax compliance and to implement FATCA of the USA.
(viii) ‘KYC Templates’ means templates prepared to facilitate collating and reporting KYC data to the CKYCR, for individuals and legal entities.
(ix) ‘Non-face-to-face customers’ means customers who open accounts without visiting the branch / offices of the Company or meeting the officials of the Company.
(x) ‘On-going Due Diligence’ means regular monitoring of transactions in accounts to ensure that transactions are consistent with the Company knowledge about the customers,customers’ business and risk profile, the source of funds / wealth.
(3) ‘Unless defined herein, all other expressions shall have the same meaning as has been assigned to them under the Banking Regulation Act, 1949, the Reserve Bank of India Act, 1935,
the Prevention of Money Laundering Act, 2002, the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, the Aadhaar (Targeted Delivery of Financial and Other
Subsidies, Benefits and Services) Act, 2016 and regulations made thereunder, any statutory modification or re-enactment thereto or as used in commercial parlance, as the case may be.
2. GOVERNANCE AND GENERAL KYC FRAMEWORK
1. KYC Policy Framework & Key Elements
The Board of Directors of the Company hereby delegates the primary oversight of KYC compliance to the Risk Management Committee, which shall ensure the KYC Policy remains updated and duly approved. In accordance with RBI mandates, this policy is built upon the following four pillars:
i. Customer Acceptance Policy;
ii. Risk Management;
iii. Customer Identification Procedures (CIP); and
iv. Monitoring of Transactions
YC details at any branch office of the Company. Information required for Client Due Diligence (CDD) and risk management shall not be shared within the Group.
Internal Compliance: to ensure 100% compliance, the Company establishes the following internal controls:
1. Senior Management Definition: For the purpose of this policy, “Senior Management” shall include the Managing Director, Principal Officer, and Heads of Department. Independent
Evaluation: The compliance function shall undergo an independent evaluation to ensure regulatory alignment.
2. No Outsourcing: While the Company may use third-party tools for data verification, the final decision-making function regarding KYC compliance and customer onboarding shall not be outsourced.
Key Compliance Appointments:
The Company shall appoint and maintain the following statutory roles:
| Sr. | Role | Responsibility |
| 1. | Designated Director | Overall compliance with PML Act obligations. |
| 2. | Principal Officer | Transaction monitoring, reporting(STR/CTR) to FIU-IND, and regulatory liaison. |
The Company shall communicate any changes in the details (Name, Designation, Contact) of both the Designated Director and Principal Officer to FIU-IND and RBI.
Risk Assessment and Risk-Based Approach (RBA): The Company shall conduct a formal ‘Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment‘ at least annually .to
identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions or delivery channels, etc.
Factors for Assessment: The process shall evaluate risks related to client and consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied. While preparing the internal risk assessment, the Company shall take cognizance of the overall sector-specific vulnerabilities, if any, that the regulator / supervisor may share with the Company from time to time.
Documentation: The assessment shall be documented properly . Further, the Risk Management Committee shall determine the periodicity of the risk assessment exercise, in alignment with the outcome of the risk assessment exercise. However, the Company shall review it at least annually.
Review & Reporting: The outcome of the annual risk assessment shall be presented to the Board by the Principal Officer. The Board shall be consulted in case of High Risk cases or where further guidance from the Board may be required. The findings will also be used to calibrate the Company’s CDD and monitoring intensity. Depending on the requirement, the Board may engage services of an independent consultant who has knowledge and background on the subject. Such issues categorization shall be kept confidential and shall not be divulged to any third party irrespective of their relationship with Company at any level of organization.
3. CUSTOMER ACCEPTANCE POLICY (CAP)
1. Fundamental Prohibitions and Requirements: The Company shall strictly adhere to the following protocols for customer onboarding before any Transaction with such customer whether such customer is a walk-in customer or not:
Anonymity: The Company shall not open any account or provide credit facilities in anonymous, fictitious, or “benami” names.
1. CDD Pre-condition: No transaction or account-based relationship shall be undertaken without completing the Customer Due Diligence (CDD) procedure.
2. Non-Cooperation: Where the Company is unable to apply appropriate CDD measures, either due to customer non-cooperation or unreliability of documents—no account shall be opened.
In such cases, the Principal Officer shall evaluate the instance for filing a SuspiciousTransaction Report (STR) with FIU-IND.2. Customer Identification & UCIC
3. Mandatory Data: The Company shall explicitly seek mandatory KYC information at the time of account opening and during periodic updates. Any information requested beyond the
regulatory minimum shall be obtained only with the explicit consent of the customer.
4. UCIC Framework: CDD shall be applied at the Unique Customer Identification Code (UCIC) level. If an existing KYC-compliant customer avails of a new loan product, a fresh
identification exercise is not required, provided the existing UCIC data is current.
5. Joint Accounts: CDD procedures shall be followed for all joint account holders without exception.
Verification Standards & Controls
To ensure the integrity of the onboarding process, the following verification steps are mandatory:
- Sanctions Screening: The Company shall check to ensure the customer’s name does not match any person or entity in the RBI/UN Sanctions Lists.
- PAN Verification: PAN details (if obtained) must be verified directly through the Income Tax Department’s verification facility (e.g., NSDL/Protean).
- GST Verification: Where GST details are provided, they must be verified using the GSTN search facility.
- Digital Signatures: Any digital signatures on equivalent e-documents shall be verified as per the Information Technology Act, 2000.
- Third-Party Representation: The Company shall only permit a person to act on behalf of another entity if a valid Power of Attorney (PoA) or Board Resolution is provided and
verified.
2. Financial Inclusion and Anti-Discrimination The Customer Acceptance Policy shall not result in the denial of credit facilities to the general public, especially those who are financially/socially disadvantaged or Persons with Disabilities
(PwDs).
- Rejection Protocol: No application for onboarding or KYC updation shall be rejected without “application of mind”, and the concerned officer shall duly record the specific reason(s) for rejection in the loan file/system.
3. Tipping-Off Prevention
If the Company suspects Money Laundering (ML) or Terrorist Financing (TF) and believes that the CDD process will tip off the customer:
- It shall stop the CDD process immediately.
It shall instead file an STR with FIU-IND through the Principal Officer.
4. RISK MANAGEMENT (RISK CATEGORIZATION)
1. Risk-Based Approach (RBA)
The Company shall adopt a Risk-Based Approach to customer monitoring and due diligence.
This approach ensures that resources are directed proportionately toward higher-risk relationships while simplifying processes for low-risk customers.
2. Customer Risk Categorization (CRC)
The Company shall categorize customers into three distinct levels based on its assessment and risk perception:
- Low Risk
- Medium Risk
- High Risk
The following customers shall be categorized as Level C (Low Risk) risk customers.
Relationships with regulated Financial Institutions in, or having their Head Office in, equivalent jurisdictions or countries that adopted equivalent standards (where reliance is placed on the fact that the Head Office is in an FATF or equivalent country, its policies and procedures must be binding on the country branch or subsidiary concerned).
Relationships with Government departments (Ministerial or Non-ministerial) or their agencies, (including their statutory corporations and their private companies), except those in/from high risk countries (i.e. FATF non-compliant country)
Relationships with listed companies and their subsidiaries. The following customers shall be categorized as Level B (Medium Risk) risk customer:
All relationships not categorized as Level C and Level A
The following customers shall be categorized as Level A(High Risk) risk customer based on the limited due diligence carried out at the time of sanction and as part of legal due diligence by the Company before execution of loan agreement and based on the declaration submitted by company as part of KYC documents.
Government departments or their agencies, statutory corporations and private companies in/from high risk countries ( i.e. FATF non-compliant country)
Relationships involving offshore trust structure. relationships involving bearer shares.
Relationships, whose businesses are vulnerable to Money Laundering (ML) risks such as Gambling, defense and money service bureau and dealers in high value commodities (eg: traders in precious metals, jewelers and antique dealers).
Name of company or its Beneficial Owner appears in the Sanction list by UN Council (UNSCR 1718 Sanctions List of designated Individuals and Entities), or ISIL & Al-Qaida Sanctions list or Taliban Sanctions list maintained pursuant to Security Council resolutions, (ref: https://www.mea.gov.in/Implementation-of-UNSC-Sanctions-DPRK.htm; https://scsanctions.un.org/ohz5jen-al-qaida.html; https://scsanctions.un.org/ohz5jen-al-qaida.html
Name of company or its Beneficial Owner appears in the designated list for obligation under Weapons for Mass destruction (VMD) and their delivery system
Falls under sector specific vulnerabilities as informed by the regulator.
3. Confidentiality and “Non-Tipping Off”
- Secrecy of Risk Grade: The risk categorization assigned to a customer, along with the specific reasons for such categorization, shall remain strictly confidential.
- No Disclosure: Under no circumstances shall this risk grade be revealed to the customer to avoid tipping off.
- Non-Intrusive Data: The Company shall collect additional non-intrusive information related to perceived risks, as specified in the internal KYC operating manual, to refine these risk
profiles without alerting the customer.
5.CUSTOMER IDENTIFICATION PROCEDURE (CIP)
Before the execution of any Loan Agreement, Company shall ensure 100% KYC compliance for the new account of the borrower, all Beneficial Owners, and any authorized signatories.
To standardize this process, ACPL shall utilize the LOS/ LMS where applicable, In cases where these systems are not utilized, the following specific internal forms are mandatory:
ACPL-KYC-A for all individuals (including Beneficial Owners and Signatories) and ACPL- KYC-B for non-individual entities, including the Borrower Company and any Promote Companies.
Mandate for Identification The Company shall perform Customer Identification in the following events:
- Onboarding: At the commencement of any account-based relationship (e.g., loan disbursement) or for any activity whether it is as an agent or principal and whether it is with or without an account being opened.
- Authentication Doubts: Whenever there is a doubt regarding the authenticity or adequacy of previously obtained customer identification data. The Company shall not seek or require “introductions” from existing customers for the purpose of opening new accounts. The Company shall not rely on Customer Due Diligence (CDD) performed by a third party for identifying customers during onboarding or for occasional transactions
9. CUSTOMER DUE DILIGENCE (CDD) PROCEDURE:
1. CUSTOMER DUE DILIGENCE (CDD) PROCEDURE – INDIVIDUALS
A. Documents required: The Company shall obtain and verify the following documents from individuals (including Beneficial Owners, Authorised Signatories, or Power of Attorney holders) when establishing a relationship:
- Aadhaar Requirements:
- Offline Verification: Proof of possession of Aadhaar where the Company can carry out offline verification.
- OVD Alternatives: Where Aadhaar is not provided or offline verification is not possible, any Officially Valid Document (OVD) or its equivalent e-document containing identity and address details.
OR
- CKYCR: A KYC Identifier (CKYC Number) with the customer’s explicit consent to download records from the Central KYC Records Registry AND
- Tax Identification: The PAN (or equivalent e-document) or Form No. 60 where PAN is unavailable.
B. Verification Methodologies
The Company shall apply the following verification protocols based on the document type submitted:
| No. | Document | Mandatory Verification Action |
| 1. | Aadhaar (Voluntary) | Perform UIDAI e-KYC Authentication. If the current address differs from the CIDR data, a self-declaration of the current address is sufficient. |
| 2. | Equivalent E-Document | Verify the Digital Signature (as per IT Act, 2000) and capture a Live Photo. |
| 3 | OVD | |
| 4 | KYC Identifier | Retrieve records online from CKYCR. |
- The Company shall, where its customer submits a proof of possession of Aadhaar Number containing Aadhaar Number, ensure that such customer redacts or blacks out his Aadhaar number through appropriate means where the authentication of Aadhaar number is not required above.
- Due to the nature of business of the Company with single location, the Company shall not conduct any non-face-to-face KYC and similarly, Video-based Customer Identification Process (V-CIP) shall not be offered.
II. CDD FOR SOLE PROPRIETARY FIRMS
1. Dual-Layer Identification Requirement
For opening an account or establishing a credit relationship in the name of a Sole Proprietary Firm, Company shall follow a two-tier identification process:
a. Individual CDD: The Company shall first carry out the full Customer Due Diligence (CDD) of the Sole Proprietor as prescribed in the “CDD for Individuals” section of this policy.
b. Entity-Level Proof: In addition to the proprietor’s identity, the Company shall obtain shall obtain any two of the following documents (or equivalent e-documents) in the name of the proprietary firm:
| No. | Document | Accepted Proofs |
| 1. | Registration Certificate | Udyam Registration Certificate (URC) or any Government- issued business registration. |
| 2. | Shops and Establishment License | Certificate or license issued by municipal authorities under the Shops and Establishment Act. |
| 3 | Sales and Income Tax Returns | Sales tax returns or Income Tax returns filed for the proprietary concern. |
| 4 | CST / VAT / GST Certificate | Valid CST, VAT or GST registration certificate in the firm’sname. |
| 5 | CST / VAT / GST Certificate | Valid CST, VAT or GST registration certificate in the firm’sname. |
| 6 | CST / VAT / GST Certificate | Valid CST, VAT or GST registration certificate in the firm’sname. |
| 7 | CST / VAT / GST Certificate | Valid CST, VAT or GST registration certificate in the firm’sname. |
| 8 | CST / VAT / GST Certificate | Valid CST, VAT or GST registration certificate in the firm’sname. |
2. Exception Protocol: Single Document Acceptance
In exceptional cases where the Company is satisfied that the customer is unable to furnish two documents, the Company may, at its discretion, accept only one document from the list above.
- Mandatory Safeguards for Single Document Cases:
- Contact Point Verification (CPV): The Company shall invariably conduct a physical or digital visit to the business location.
- Establishment of Existence: The Company shall collect additional information/clarifications to verify that the business activity is indeed being carried out from the declared address.
- Approval Authority: Such exceptions must be authorized by the Managing Director and documented in the loan file.
3. Verification
All documents obtained must be verified against the issuing authority’s database (e.g., GSTN portal, Udyam portal) to ensure authenticity. The Company shall ensure that the business
activity being funded is consistent with the nature of business described in the submitted proofs.
II. CDD FOR LEGAL ENTITIES AND JURIDICAL PERSONSAL.
A. CDD for Companies
For establishing a credit relationship with a corporate entity, Company shall obtain certified copies (or equivalent e-documents) of the following:
i. Constitutional Documents: Certificate of Incorporation, Memorandum of Association (MoA), and Articles of Association (AoA).
ii. Tax Identification: PAN of the Company (Mandatory).
iii. Authority Framework: A specific Resolution from the Board of Directors and a Power of
Attorney (PoA) granted to managers, officers, or employees authorized to transact on its behalf.
iv. Key Personnel Identification:
a. Full KYC documents for Beneficial Owners, managers, or employees holding the PoA.
b. A formal list containing the names of persons holding senior management positions.
v. Address Verification: Proof of the registered office and the principal place of business (if different).
B. CDD for Partnership Firms
The Company shall verify the following for all partnership concerns (including unregistered firms treated as unincorporated associations):
i. Registration & Constitution: Registration Certificate and the Partnership Deed.
ii. Taxation: PAN of the Partnership Firm.
iii. Identity Verification:
a. Full KYC for Beneficial Owners and authorized signatories.
b. A list containing the names of all partners and their permanent addresses.
iv. Location: Registered office address and principal place of business if it is different.
C. CDD for Trusts
For Trust accounts, the Company shall ensure the following:
i. Governance Documents: Registration Certificate and the Trust Deed. ii. Taxation: PAN or Form No. 60 of the Trust. iii. Identification of Parties: a. Names of the beneficiaries, trustees, settlor, protector (if any), and authors of the Trust. b. Full KYC for the Beneficial Owners and individuals authorized to transact. iv. Mandatory Disclosure:Trustees are required to disclose their status explicitly at the commencement of the relationship. v. Active Management: A list of current trustees and KYC for those discharging trustee roles and authorized to transact.
D. Unincorporated Associations and Body of Individuals (including Societies)
For entities such as societies or unregistered associations:
i. Resolution: Resolution of the managing body of such association or body of individuals
ii. Taxation: PAN or Form No. 60 of the association/body.
iii. Authorized Persons: PoA and full KYC for beneficial owners and authorized signatories.
iv. Legal Existence: The Company shall obtain such supplementary information as required to
collectively establish the legal existence of the entity.
E. Other Juridical Persons (Universities, Local Bodies, etc.)
For juridical persons not covered above (e.g., Panchayats, Universities):
i. Authorization: Official document naming the person(s) authorized to act on behalf of the entity.
ii. Signatory KYC: Full KYC of the attorney holder/authorized signatory.
iii. Existence Proof: Documentary evidence to establish the entity’s legal status.
II. Determination of Beneficial Ownership
For establishing a relationship with any Legal Person (non-individual), Company shall identify the Beneficial Owner(s). In line with the Rule 9(3) of the PML Rules, the Company shall apply the following thresholds to identify natural persons who ultimately own or control the entity.
Thresholds for Identification
A “Beneficial Owner” is a natural person who, acting alone or together through one or more juridical persons, has a controlling ownership interest or exercises control.
Mandatory Thresholds :
| No. | Entity Type | Beneficial Ownership Threshold |
| 1. | Company | ≥ 10% of shares, capital, or profits. |
| 2. | Partnership Firm | ≥ 10% of capital or profits. |
| 3 | Unincorporated Association / BOI | ≥ 15% of property, capital, or profits. |
| 4 | Trust | All Settlors, Trustees, Protectors, and Beneficiaries with ≥ 10% interest. |
Exemptions for Listed Entities
It is not necessary to identify or verify the individual shareholders or beneficial owners where the customer (or the entity holding controlling interest) is:
1. An entity listed on a stock exchange in India.
2. An entity resident in a Central Government-notified jurisdiction and listed on a recognized
stock exchange there.
3. A majority-owned subsidiary of the listed entities mentioned above.
Fiduciary and Intermediary Accounts In cases of trust / nominee or fiduciary accounts, the Company determines whether the customer is acting on behalf of another person as trustee / nominee or any other intermediary. In such cases, Compamy shall obtain satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as well as details of the nature of the trust or other arrangements in place.
IV. ONGOING DUE DILIGENCE & PERIODIC UPDATION
Ongoing Monitoring & Transactional Surveillance:
Company shall undertake continuous monitoring of customer relationships to ensure transactions align with the Company’s knowledge of the customer’s business, risk profile, and source of funds.
Red Flag Indicators: The Company shall necessarily monitor:
1. Large/complex transactions (including RTGS) with no apparent economic rationale.
2. Transactions exceeding category-specific thresholds.
3. High turnover inconsistent with account balances. 4.Large cash withdrawals following third-party cheque/draft deposits.
For ongoing due diligence, the Company may consider adopting appropriate innovationsincluding artificial intelligence and machine learning (AI and ML) technologies to support
effective monitoring.
The Company shall align the extent of monitoring with the risk category of the customer.
1. The Company shall implement a system for the periodic review of risk categorization of all accounts at least once every 6 months to determine the necessity of applying Enhanced Due
Diligence (EDD) measures.
2. Company shall closely monitor the transactions in accounts of marketing firms, especially accounts of Multi-level Marketing (MLM) companies.
Explanation: The Company shall subject high-risk accounts to more intensified monitoring.
3. Periodic Updation Timelines: The Company shall adopt a risk-based schedule for KYC updating from the date of account opening/last update:
| Sr. | Risk Category | Updation Frequency |
| 1. | High Risk | At least once every 2 years |
| 2. | Medium Risk | At least once every 8 years |
| 3 | Low Risk | At least once every 10 years |
Exceptional Measures: The Company reserves the right to trigger exceptional KYC measures, including requiring a fresh photograph, mandatory physical presence for verification, or increasing the frequency of updates beyond the regulatory minimum if a customer’s risk profile deteriorates.
4. Updation Procedures Individuals:
The Company shall simplify the update process based on the nature of changes:
- No Change in Info: Obtain a self-declaration via registered email, mobile (OTP), digital channels/app, or letter
- Change in Address Only: Obtain a self-declaration of the new address through digital/physical channels. Positive confirmation (e.g., address verification letter or contact point verification) must be completed within two months by obtaining an OVD or deemed OVD.
- Minors Turning Major: Upon a minor reaching adulthood, the Company shall obtain a fresh photograph and ensure the file meets current CDD standards (carrying out fresh KYC if
required). - Legal Entities (LE):
- If no change: Obtain self-declaration (via email/Board Resolution) and verify Beneficial Ownership (BO) accuracy.
- If change exists: Process as a new customer onboarding.
5. Structured Communication & Reminders
Company shall follow a strict notice protocol:
- Advance Notices: At least three (3) intimations before the due date (including at least one by physical letter).
- Post-Due Reminders: At least three (3) reminders after the due date (including at least one by physical letter).
- All communications shall be logged in the system or sent by emails to maintain a clear audit trail.
E. ENHANCED DUE DILIGENCE (EDD) PROCEDUREF. SPECIALIZED ENHANCED DUE DILIGENCE FOR POLITICALLY EXPOSED PERSONS
(i) Politically Exposed Persons (PEPs)
Company shall exercise heightened caution when establishing relationships with Politically Exposed Persons (PEPs) or family members of such PEPs or related parties of such PEPs, whether they are the primary customer or the Beneficial Owner.
Definition: PEPs are individuals entrusted with prominent public functions by a foreign country (e.g., Heads of State, senior politicians, judicial/military officers, or senior executives of state-owned corporations). This classification also extends to their family members and close associates.
Mandatory Controls:
a. Detection: The Company shall maintain a risk management system (including database screening) to identify if a customer/BO is a PEP.
b. Wealth Validation: The Company shall take reasonable measures to establish the source of funds and source of wealth.
c. Approval: Establishing a relationship with a PEP requires Managing Director approval.
d. Status Change: If an existing customer subsequently becomes a PEP, the Company must
obtain Managing Director approval to continue the relationship.
e. Monitoring: All PEP accounts shall be categorized as High-Risk and subject to continuous enhanced monitoring.
6. RECORD MANAGEMENT & REPORTING
1. Maintenance and Preservation of Records
The Company shall implement a robust record-keeping system to comply with the PML Act and Rules. The Company shall ensure that all data is stored in a manner that allows for the swift reconstruction of individual transactions and provides an audit trail for regulatory authorities.
- Transaction Records: The Company shall maintain all necessary records of domestic and international transactions for at least five (5) years from the date of the transaction.
- Identification Records: Records pertaining to customer identification (KYC documents), addresses, account files, and business correspondence shall be preserved for at least five (5) years after the business relationship has ended or the account is closed.
- Scope of Records: Per the regulatory explanation, “identification records” shall also include results of any risk analysis undertaken and all updated versions of identification data.
2. Transaction Reconstruction Requirements
The Company shall maintain a system under Rule 3 of the PML Rules, 2005, capturing sufficient detail to permit the reconstruction of any transaction. Mandatory data points include:
1. Nature of the transaction.
2. Amount and the currency denomination.
3. Date of the transaction.
4. Identity of the parties involved in the transaction.
3. Data Retrieval and Reporting
- Accessibility: The Company shall evolve an information retrieval system (hard or soft format) that ensures transaction data and KYC records are made available swiftly to competent authorities upon request.
- Storage Format: Records may be maintained in hard or soft (digital) format, provided they are secure and easily retrievable.
4. Non-Profit Organisations (NPOs)
For customers identified as Non-Profit Organisations (NPOs):
- DARPAN Portal Registration: The Company shall verify if the NPO is registered on the DARPAN Portal of NITI Aayog.
- If the NPO is not registered, the Company shall ensure its details are registered on the portal.
- Specific Retention: Registration records for NPOs shall be maintained for five (5) years after the relationship has ended or the account closed, whichever is later.
8. REPORTING REQUIREMENTS TO FIU-IND:
1. Statutory Reporting Obligations
Company shall furnish to the Director, Financial Intelligence Unit-India (FIU-IND), all information referred to in Rule 3 of the PML (Maintenance of Records) Rules, 2005.
2. Reporting Formats and Technical Utilities
The Company shall utilize the prescribed reporting formats and comprehensive guides released by FIU-IND.
- Automated Extraction: The Company shall adopt suitable technological tools to extract Cash Transaction Reports (CTR) and Suspicious Transaction Reports (STR) directly from
its live transaction data if the Company offers any products that have a potential for such transactions.
3. Timelines and Penalty for Delay
The Company acknowledges that time is of the essence in regulatory reporting and that delays attract penalties.
4. Confidentiality and “Anti-Tipping Off”
The Company, its directors, and all employees are strictly prohibited from disclosing the fact that an STR or CTR is being processed or has been furnished to FIU-IND.
- Exception for Risk Management: This confidentiality does not inhibit the sharing of unusual transaction analysis within the group for risk management purposes, as permitted under RBI Directions.
9. INTERNATIONAL AGREEMENTS & SANCTIONS COMPLIANCE
1. Obligations under UAPA, 1967 (Terrorist Financing)
Company shall strictly adhere to Section 51A of the Unlawful Activities (Prevention) Act, 1967.Sanctions Screening: The Company shall ensure no accounts are opened or maintained for individuals/entities appearing in the UNSC Sanctions Lists, specifically:
(i) The ‘ISIL (Da’esh) & Al-Qaida Sanctions List’, established and maintained pursuant to Security Council resolutions 1267 / 1989 / 2253, which includes names of individuals and entities associated with Al-Qaida, is available at www.un.org/securitycouncil/sanctions/1267/aq_sanctions_list
(ii) The ‘Taliban Sanctions List’, established and maintained pursuant to Security Council resolution 1988 (2011), which includes names of individuals and entities associated with the Taliban is available at https://www.un.org/securitycouncil/sanctions/1988/materials
- Daily Verification: The Company shall verify the aforementioned lists, including the Schedules to the Prevention and Suppression of Terrorism Order, 2007, on a. This daily check shall be automated within the Company’s Loan Management System (LMS) to account for additions or deletions immediately.
Reporting & Freezing: Any match shall be reported to FIU-IND and the Ministry of Home Affairs (MHA) within 24 hours.
- The Company shall strictly follow the Freezing of Assets procedure as per the UAPA Order dated February 2, 2021.
2. Obligations under WMD Act, 2005 (Proliferation Financing) The Company shall ensure meticulous compliance with Section 12A of the Weapons of Mass Destruction (WMD) and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005.
- Designated List Checks: The Company shall run a check against the designated WMD list (available on the FIU-India portal) at the time of establishing a relationship and on a periodic basis.
- Match Protocol: If a match is identified, the Company shall:
1. Cease transactions immediately.
2. Inform the Central Nodal Officer (CNO) (Director, FIU-India) via email, FAX, and post without delay.
3. Send copies to the State Nodal Officer and the RBI. - Unfreezing: Requests for unfreezing shall be forwarded to the CNO within 2 working days.
3. DPRK and Other UNSC Resolutions
- The Company shall verify the UNSCR 1718 Sanctions List (Democratic People’s Republic of Korea) daily via the Ministry of External Affairs (MEA) portal.
- Meticulous compliance with the Implementation of Security Council Resolution on DPRK Order, 2017, is mandatory.
4. Jurisdictions with Insufficient FATF Compliance The Company shall monitor FATF Statements circulated by the RBI to identify “High-Risk Jurisdictions” and “Jurisdictions under Increased Monitoring.”
- Enhanced Due Diligence (EDD): The Company shall apply proportionate EDD to all business relationships involving persons (natural or legal) from countries identified by
FATF as having strategic deficiencies. - Written Findings: The Company shall examine the background and purpose of such transactions, retain written findings, and make them available to the RBI upon request.
5. Technological Implementation
Company shall actively leverage AI-driven name screening tools and fuzzy-logic matching algorithms to meet these sanctions requirements effectively by appointing suitable vendors. This technology shall be used to minimize false positives while ensuring no sanctioned entity bypasses the onboarding firewall.
10. OPERATIONAL OBLIGATIONS & SPECIALIZED CONTROLS:
1. Secrecy, Confidentiality, and Information Sharing
Company shall maintain absolute secrecy regarding customer information arising from contractual relationships.
- Confidentiality: Information collected for account opening shall not be divulged for cross- selling or any other purpose without express customer permission.
- Permitted Disclosures: Disclosure is permitted only under the following four exceptions:
1. Compulsion of law.
2. Duty to the public to disclose.
3. To protect the Company’s interest.
4. With the express or implied consent of the customer.
2. Central KYC Records Registry (CKYCR) Compliance
The Company shall integrate with CERSAI’s CKYCR to ensure a unified KYC ecosystem.
- Upload Timeline: KYC records must be uploaded within 10 days of commencing an account- based relationship.
- Legacy Data: Records for accounts opened prior to April 2017 (individuals) or April 2021 (LEs) shall be uploaded during periodic updation or earlier if updated info is received.
- Identifier Communication: Once a KYC Identifier is generated, the Company shall communicate it to the customer.
- Retrieval vs. Fresh KYC: The Company shall use a customer’s existing KYC Identifier to retrieve records online and shall not require fresh documents unless there is a change in info,
the record is incomplete, or the validity has lapsed.
3. FATCA, CRS, and FCRA Adherence
- Foreign Contributions: The Company shall ensure meticulous adherence to the Foreign Contribution (Regulation) Act, 2010 (FCRA).
- Tax Reporting (FATCA/CRS): As a potential “Reporting Financial Institution,” the Company shall:
1. Register on the Income Tax e-filing portal.
2. Submit Form 61B or ‘NIL’ reports via the Designated Director’s digital signature.
4. Prevention of “Money Mules” and UCIC
Money Mules: The Company shall implement strict monitoring to identify accounts used as “Money Mules” (third-party accounts used for laundering fraud proceeds).
- UCIC: The Company shall allot a Unique Customer Identification Code (UCIC) to all new and existing individual customers.
5. New Technologies and Wire Transfers
- Risk Assessment: Prior to launching new products, delivery mechanisms, or technologies, the Company shall conduct a formal ML/TF risk assessment.
- Wire Transfer Governance:
1. Data Completeness: All cross-border and domestic transfers ≥ ₹50,000 must include full originator and beneficiary details (Name, Account/Ref Number, Address/ID).
2. Unregulated Entities: If any unregulated entity is involved in the transfer chain, the Company shall ensure unhindered information flow and include a termination clause in agreements if KYC requirements are not met.
3. Retention: Intermediary roles must retain records for at least five years if technical limits prevent the transmission of full info.
6. Personnel: “Know Your Employee” (KYE)
The Company shall integrate a “Know Your Employee” screening mechanism into its recruitment process.
- Integrity Standards: Staff in KYC/AML roles must possess high ethical standards and undergo ongoing training.
- Specialized Training: Training shall be tailored specifically for frontline staff (customer education), compliance staff to ensure they are well-versed in changing global and national AML/CFT landscapes.
FORM: ACPL-KYC-A (INDIVIDUAL INFORMATION)
Advait Capital Private Limited Know-Your-Customer (KYC) Form A (For Individuals: Authorized Signatory / Beneficial Owner Only)
I. PERSONAL PROFILE
A. Full Legal Name: Mr./Ms./Mrs. _____________________________________________
B. Full Residential Address: _________________________________________________
C. Date of Birth: [DD/MM/YYYY] _____________________________________________
D. PAN No.: ______________________________________________________________
E. Passport No.: (Mandatory only for Non-Resident Individuals) _______________________
F. CKYC Identifier No.: (If available) ___________________________________________
G. Educational Background: __________________________________________________
II. MANDATORY CONSENT & DECLARATION
I/We hereby authorize Advait Capital Private Limited for the purposes of their credit appraisal and regulatory review to access my/our records from CKYCR, Income Tax (PAN), and UIDAI (Aadhaar) databases from time to time as may be required by them. I confirm that the information provided above is true and correct as per my knowledge and I shall notify the Company of any changes within 30 days.
Signature: ………………………………………………….
Name: ………………………………………………………
Date: [DD/MM/YYYY] …………………..
Place: …………………..
LIST OF DOCUMENTS (SELF-ATTESTED / NOTARY PUBLIC)
| No. | Proof of Identity (Copy of any one of the following): | Proof of Address (Copy of any one of the following): |
| 1. | * Passport | * Passport* |
| 2. | * Aadhaar Card | * Aadhaar Card |
| 3 | * Voter’s ID | * Letter/ Certificate issued by current Employer for address proof (in case of for Non-Resident Indian); duly certified |
| 4 | * Driving License | |
| 5 | * ID card issued by any Central/State Govt. |
|
Know-Your-Customer (KYC) Form B
(Only for Non-Individual Customers)
I. CUSTOMER INFORMATION
A. Full Legal Name of ‘Customer’: ___________________________________________
B. Full Registered Address: _________________________________________________
Telephone No.: ____________________ Email ID: __________________________
C. Full Principal Operating Address: (If different from above) ______________________
D. Group Name (if any): _____________________________________________________
E. Name of CEO / MD / CMD: ________________________________________________
F. Name of Key Beneficial Owner: ____________________________________________
G. Nature of Business Activity: ______________________________________________
H. Registration Number (CIN No.): ___________________________________________
I. Date of Incorporation: [DD/MM/YYYY] _______________________________________
J. Legal Constitution: [ ] Public Ltd [ ] Pvt Ltd [ ] JV [ ] Partnership [ ] LLP [ ] Other
K. PAN No. of Company: ____________________________________________________
L. GSTN Number: __________________ M. LEI Number: ______________________
N. CKYC Identifier No. (if any): ______________________________________________
O. Contact Person: Mr./Ms. ____________________ Mobile: ____________________
II. SENIOR MANAGEMENT DETAILS
ACPL requires full profiles of senior management to assess the control structure.
| No. | Name | Designation | Contact No. | Date of Birth | DIN No. | PAN No. | Full Address |
| 1. | |||||||
| 2. |
III. AUTHORIZED SIGNATORIES
Note: Form ACPL-KYC-A is mandatory for every person listed below.
| Sr. | Name of Person | Designation |
| 1. | ||
| 2. | ||
| 3. |
IV. DECLARATION & AUTHORIZATION
I/We hereby confirm that I/We have read and understood the requirement of KYC of Advait Capital Private Limited (ACPL). I/We hereby declare that the particulars given herein are true, correct, and complete. I/We undertake to promptly inform ACPL of any changes within 30 days. I/We hereby authorize Advait Capital Private Limited for the purposes of their review to access my/our records from CKYCR, PAN, and UIDAI databases from time to time.
Signature of Authorized Representative: __________________________________________
Name of the Company: __________________________ Date: ________ Place: _______
MANDATORY DOCUMENT CHECKLIST
The following documents must be submitted along with Form ACPL-KYC-B. All documents must be duly signed and stamped by
the authorized signatory
| Sr. | Entity Type | Mandatory Documents (Certified Copies) |
| 1. | Companies | * Certificate of Incorporation * Memorandum & Articles of Association (MoA & AoA) * Board Resolution & Power of Attorney for Signatories * PAN of the Company |
| 2. | Partnership / LLP | * Registration Certificate * Partnership Deed / LLP Agreement * PAN of the Firm * List of all Partners |
| 3. | Trusts / Societies | * Registration Certificate & Trust Deed * PAN or Form 60 of the Trust * List of Trustees and Settlors |