1. Background

Home Plus Finance Private Limited (hereinafter referred to as the ‘Company’) is engaged in the business of extending financial assistance to entrepreneurs engaged in micro, small and medium enterprises withlimited access to formal financial services, employees working in MSME Sector as a semi-skilled and skilled worker, regular salaried customers, small time professional, etc. In future company also is planning to venture into– Three-Wheeler finance, Auto Finance and Electric Vehicle Finance.

This Policy has been formulated pursuant to the Guidelines issued by the Reserve Bank of India on comprehensive guidelines on Know Your Customer (KYC) norms and Anti-Money Laundering (AML) standards and as advised to NBFCs to ensure that a proper policy framework on KYC and AML measures be formulated and put in place with the approval of the Board vide RBI Master Direction. DBR.AML.BC.No.81/14.01.001/2015-2016 updated as on Jan 09/2020 vide Master Direction DOR AML. BC.No.27/14.01.001/2019-20

Accordingly, in compliance with the guidelines issued by RBI from time to time and for the time being in force, the following KYC & AML policy of the Company is approved by the Board of Directors. This policy is applicable to all categories of products and services offered by the Company. These guidelines shall also apply to all the branches of the Company.

2. Objective

Objective of RBI guidelines is to prevent NBFCs being used, intentionally or unintentionally by criminal elements for money laundering activities. The guidelines also mandates making reasonable efforts to determine the true identity, source of funds, the nature of customer’s business, transfer of loan funds through appropriate banking, in relation to the customer’s business, etc. which in turn helps the Company to manage its risks prudently. Accordingly, the main objective of this policy is to enable the Company to have positive identification of its customers.

3. Key Elements

KYC procedures also enable the Company to know/understand its customers and their financial dealings
better which in turn help them manage their risks prudently. The Company has framed its KYC policy
incorporating the following four key elements:
a. Customer Acceptance Policy
b. Customer Identification Procedure
c. Monitoring of Transaction and
d. Risk Management
e. For the purpose of KYC Policy, a “customer” will be defined as:

i. Any person or entity connected with a financial transaction or activity with a reporting entity and includes a person on whose behalf the person who is engaged in the transaction or activity is acting.
ii. A person or entity that maintains an account and/or has a business relationship with Company.
The one on whose behalf the account is maintained (i.e. the beneficial owner).
iii. Beneficiaries of transactions conducted by professional intermediaries such as Loan Sourcing Associates, Legal Advisors, Technical Advisors, Field Investigating Agencies, Company Secretaries, Chartered Accountants, Solicitors etc. as permitted under the law.

A. CUSTOMER ACCEPTANCE POLICY

The Company shall follow the following norms while accepting and dealing with its customers:

i. No loan is advanced in anonymous or fictitious/benami name.
ii.No account is opened where the Company is unable to apply appropriate CDD (Customer Due Diligence) measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer.
iii.No transaction or account based relationship is undertaken without following the CDD procedure.
iv.The mandatory information to be sought for KYC purpose while opening an account and during the periodic updating is specified.‘Optional’/additional information is obtained with the explicit consent of the customer during or after the loan is advanced.
v.CDD Procedure is followed for all the joint /co-applicants/guarantor, while advancing a loan.
vi.Circumstances in which, a customer is permitted to act on behalf of another person/entity, is clearly spelt out.
vii.Suitable system is put in place to ensure that the identity of the customer does not match with any person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India.
viii.The customer profile contains information relating to customer’s identity, social/financial status, nature of business activity, information about his clients’ business and their location etc. The nature and extent of due diligence will depend on the risk perceived by the Company.
ix.while preparing customer profile the Company will seek only such information from the customer which is relevant to the risk category and is not intrusive. The customer profile will be a confidential document and details contained therein will not be divulged for cross selling or any other purpose.
x. The intent of the Policy is not to result in denial of financial services to general public, especially to those, who are financially or socially disadvantaged. While carrying out due diligence, the Company will ensure that the procedure adopted does not result in denial of services to any genuine customers.

B. CUSTOMER IDENTIFICATION PROCEDURE

i. Customer identification means identifying the customer and verifying his / her identity by using reliable and independent source of documents, data or information to ensure that the customer is not a fictitious person. The Company shall obtain sufficient information necessary to establish, to its satisfaction, the identity of each customer and the purpose of the intended nature of business relationship.The Company shall undertake identification of customers in the following cases:

• Commencement of an account-based relationship with the customer.
• When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.

 ii. The Company will perform appropriate, specific and where necessary, Enhanced Due Diligence on its customers that is reasonably designed to know and verify the true identity of its customers and to detect and report instances of criminal activity, including money laundering or terrorist financing. The procedures, documentation, types of information obtained and levels of KYC due diligence to be performed will be based on the level of risk associated with the relationship (products, services, business processes, geographic locations) between the Company and the customer and the risk profile of the customer.

 iii. The Company shall take reasonable measures to ascertain and verify the true identity of all customers who transact with the Company. Each business process shall design and implement specific due diligence standards and procedures that are appropriate given the nature of the respective businesses, customers and the associated risks. Such standards and procedures shall include, at a minimum, the following elements.

C. MONITORING OF TRANSACTION

i. Ongoing monitoring is an essential element of effective KYC procedures. The Company can effectively control and reduce the risk only if it has an understanding of the normal and reasonable activity of the customer so that it has the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of the loan account. The different business divisions shall pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. High-risk accounts shall be subjected to intensified monitoring.
ii. The Company shall put in place an appropriate software application / mechanism to throw alerts when the transactions are inconsistent with risk categorization and updated profile of customers.
iii. Illustrative list of activities which is construed as suspicious transactions.

• Activities not consistent with the customer’s business, i.e. accounts with large volume of credits whereas the nature of business does not justify such credits as identified at the time of advancing loan.
• Any attempt to avoid Reporting/Record-keeping Requirements/provides insufficient/ suspicious information.
• A customer who is reluctant to provide information required for a mandatory report, to have the report filed or to proceed with a transaction after being informed that the report must be filed.
• Any individual or group that coerces/induces or attempts to coerce/induce the Company employee from not filing any report or any other forms.An account where there are several cash transactions below a specified threshold level to avoid filing of reports that may be necessary in case of transactions above the threshold level, as the customer intentionally splits the transaction into smaller amounts for the purpose of avoiding the threshold limit.

Certain Employees of the Company arousing suspicion

i. An employee whose lavish lifestyle cannot be supported by his or her salary.
ii. Negligence of employees/willful blindness is reported repeatedly.
iii. Some examples of suspicious activities/transactions to be monitored by the operating staff.

• Multiple accounts under the same name
• Refuses to furnish details of the source of funds by which initial contribution is made, source of funds is doubtful, etc;
• There are reasonable doubts over the real beneficiary of the loan.
• Frequent requests for change of address.

D. RISK MANAGEMENT

• The Company has put in place appropriate procedures to ensure effective implementation of KYC guidelines. The implementation procedure covers proper management oversight, systems and controls, segregation of duties, training and other related matters.
• Company’s internal audit and compliance functions play a role in evaluating and ensuring adherence to the KYC policies and procedures.
• As a general rule, the compliance function also provides an independent evaluation of the company’s own policies and procedures, including legal and regulatory requirements.
• Internal Auditors specifically check and verify the application of KYC procedures at the branches and comment on the lapses observed in this regard.
• The compliance in this regard is put up before the Audit Committee of the Board on quarterly intervals.

Risk Categorization

• The Company has a system in place for periodical updation of customer identification data after the account is opened. The periodicity of such updation is not less than once in five years in case of low risk category customers and not less than once in two years in case of high and medium risk categories.
• All the customers under different product categories are categorized into low, medium and high risk based on their profile. The Credit manager while appraising the transaction and rendering his approval prepares the profile of the customer based on risk categorization. Based on the credit appraisal, customer’s background, nature and location of activity, country of origin, sources of funds, client profile, etc., Where the credit head believes that a particular customer falling under a category mentioned below is in his judgment falling in a different category, he may categorize the customer, so long as appropriate justification is provided in the customer file.

Indicative List of Risk Categorization

Low-Risk Category

• Individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile is categorized as low risk. (In all probabilities the Company is doing and will continue to do their business with such category of customers).
• For example People belonging to lower economic strata of the society whose accounts show small balances and low turnover.

Medium & High Risk Category

• Customers who are likely to pose a higher than average risk may be categorized as medium or high risk depending on customer’s background, nature and location of activity, country of origin, sources of funds and his client profile etc.
  Illustrative examples are:
• Non Resident customers
• High Net worth Individuals
• Trust, charities, NGO’s and Organization receiving donations
• Companies having close family shareholding or beneficial ownership
• Firms with ‘sleeping partners’
• Politically Exposed Persons (PEPs) of Indian/Foreign Origin
•  Non face-to-face customers
• Those with dubious reputation as per public information available
•  Accounts of bullion dealers and jewelers

4. IDENTIFICATION

CDD Procedure

The company shall obtain the following information from an individual while establishing an account based relationship with

A. Individual

•  Aadhaar Number (Mandatory – For DBT customers) (At the time of receipt of the Aadhaar number, shall carry out, with the explicit consent of the customer, e-KYC authentication (biometric or OTP based) or Yes/No authentication); (For Non-DBT customers, certified copy of any OVD containing details of identity and address along with one recent photograph shall be obtained.)
•  Permanent Account Number (PAN)
•  Passport
•  Voter’s Identity Card
•  Driving License
•  Letter from a recognized public authority or public servant verifying the identity and residence of the customer to the satisfaction of the Company.

The Company shall ensure that the customers (non-DBT beneficiaries) while submitting Aadhaar for Customer Due Diligence, redact or blackout their Aadhaar number in terms of sub-rule 16 of Rule 9 of the amended PML Rules.

The Company may identify a customer through offline verification under the Aadhaar Act with his/her consent.

In case OVD furnished by the client does not contain updated address, certain deemed OVDs for the limited purpose of proof of address can be submitted provided that the OVD updated with current address is submitted within 3 months.

Deemed OVDs are as follows

i. Utility bill which is not more than two months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill).
ii. Property or Municipal tax receipt.
iii. Pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address.
IV. Letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and license agreements with such employers allotting official accommodation; The information collected from customers for the purpose of opening of account shall be treated as confidential and details thereof shall not be divulged for the purpose of cross selling, or for any other purpose without the express permission of the customer. For Non-Resident Indians (NRIs) and Persons of Indian Origin (PIOs) as defined in Foreign Exchange Management (Deposit)Regulations, 2016 alternatively, the original certified copy of OVD, certified by any one of the following, may be obtained.

• Authorized officials of overseas branches of Scheduled
• Commercial Banks
• registered in India,
• Branches of overseas banks with whom Indian banks have
• relationships,
• Notary Public abroad,
• Court Magistrate,
• Judge,
• Indian Embassy/Consulate General in the country where the non-resident customer resides.

B.Proprietary Firms

For opening an account in the name of a sole proprietary firm, CDD of the individual (proprietor) shall be carried out.
In addition to the above, any two of the following documents as proof of business/ activity in the name of the proprietary firm shall also be obtained:
a. Registration certificate.
b. Certificate/license issued by the municipal authorities under Shop and
Establishment Act.
c. Sales and income tax returns.
d. 24CST/VAT/ GST certificate (provisional/final).
e. Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities.
f. IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT or License/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute.
g. Complete Income Tax Return (not just the acknowledgment) in the name of the sole proprietor where the firm’s income is reflected, duly authenticated/acknowledged by the Income Tax authorities.
h. Utility bills such as electricity, water, post-paid (landline telephone / mobile bills), etc.

In cases where the Company is satisfied that it is not possible to furnish two such documents, the Company may, at their discretion, accept only one of those documents as proof of business/ activity.

Provided the Company undertake contact point verification and collect such other information and clarification as would be required to establish the existence of such firm, and shall confirm and satisfy itself that the business activity has been verified from the address of the proprietary concern.

For non-individual customers, PAN/Form No. 60 of the entity (for companies and Partnership firms – only PAN) shall be obtained apart from other entity-related documents. The PAN/Form No. 60 of the authorized signatories shall also be obtained.

C. Company

a. Certificate of incorporation
b. Memorandum and Articles of Association.
c. Permanent Account Number of the Entity.
d. A resolution from the Board of Directors and power of attorney granted to its managers, officers or employees to transact on its behalf.
e. Identification information i.e. any OVD as per Individual in respect of managers, officers or employees holding an attorney to transact on its behalf.

D. Partnership Firms

a. Registration certificate
b. Partnership deed
c. Permanent Account Number of the Entity
d. Identification information i.e. any OVD as per Individual in respect of
managers, officers or employees holding an attorney to transact on its
behalf.

E. Trust

a. Registration certificate
b. Trust deed.
c. Permanent Account Number of the Entity
d. Identification information i.e. any OVD as per Individual in respect of
managers, officers or employees holding an attorney to transact on its
behalf.

F. Unincorporated association or body of individuals

a. Resolution of the managing body of such association or body of individuals.
b. Permanent Account Number or Form No. 60 of the unincorporated association or a body of individuals.
c. Power of attorney granted to him to transact on its behalf
d. An officially valid document in respect of the person holding an attorney to transact on its behalf.
e. Such information as may be required by the bank to collectively establish the legal existence of such an association or body of individuals.

G. Juridical persons

a. Document showing name of the person authorised to act on behalf of the entity.
b. An officially valid document in respect of the person holding an attorney to transact on its behalf and
c. Such documents as may be required by the Company to establish the legal existence of such an entity/juridical person.

The Company also ensures that all the customers namely applicant, co-applicants and guarantor has valid ID proof as prescribed above

5. VERIFICATION

As part of the Credit Policy of the Company, documents and implemented appropriate risk-based procedures designed to verify that it can form a reasonable belief that it knows the true identity of its customers. Verification of customer identity should occur before transacting with the customer. The Company describes the acceptable methods of verification of customer identity, which includes verification through documents or non-documentary verification methods that are appropriate and the associated risks.

A. Verification through documents – DBT Customers

These documents may include, but are not limited to the list of documents that can be accepted as proof of identity and address from customers by the Company as provided in annexure to this policy. These are appropriately covered in the Credit Policy of the Company.

The Company also accepts physical Aadhaar card/letter issued by UIDAI containing details of name, address and Aadhaar number received through post is also accepted as an ‘Officially Valid Document’.

As per RBI instruction the Company also downloads e-Aadhaar from UIDAI website as an officially valid document subject to the following:

1. If the prospective customer knows only his / her Aadhaar number, the Company needs to print the prospective customer’s e-Aadhaar letter in the company directly from the UIDAI portal; or adopt e-KYC procedure as mentioned below.
2. If the prospective customer carries a copy of the e-Aadhaar downloaded elsewhere, the Company prints the prospective customer’s e-Aadhaar letter directly from the UIDAI portal; or adopt e-KYC procedure.

B. Verification through non-documentary methods – non-DBT Customers

Indeed the Company mainly depends upon this method:
1. Contacting or visiting a customer;
2. Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source;
3. Checking references with other financial institutions; or
4. Obtaining a financial statement.

6. MAINTENANCE OF RECORDS OF TRANSACTIONS & IDENTITY

As unlikely as it will be in the Company’s case, due to its focus on lower income families, the company has a system of maintaining proper record of transactions prescribed under Rule 3, of the Prevention of Money-Laundering and value of transactions, the procedure and manner of maintaining and verification and maintenance of records of the identity of the clients of the Banking Companies, Financial Institutions and Intermediaries) Rules, 2005, as mentioned below:

• All cash transactions of the value of more than rupees ten lakh or its equivalent in foreign currency.
• All series of cash transactions integrally connected to each other which have been valued below rupees ten lakh or its equivalent in foreign currency where such series of transactions have taken place within a month and the aggregate value of such transactions exceeds rupees ten lakh.
• All cash transactions, where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security has taken place.
• All suspicious and unlawful transactions whether or not made in cash and by way of as mentioned in the Rules.

Information to be preserved

As per the RBI guidelines, the company maintains the following information in respect of transactions referred to in Rule 3.

• The nature of the transactions.
• The amount of the transaction and the currency in which it was denominated.
• The date on which the transaction was conducted
• The parties to the transaction.

Maintenance and Preservation of records

The company has a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities. The company will maintain for at least five years from the date of cessation of transaction between the company and the customer, all necessary records of transactions, both domestic or international, which will permit reconstruction of individual transactions (including the amounts and types of currency involved if any) so as to provide, if necessary, evidence for prosecution of persons involved in criminal activity.

The company also ensures that records pertaining to the identification of the customer and his / her address (e.g. copies of documents like passports, identity cards, driving licenses, PAN, utility bills etc.) obtained while opening the loan account and during the course of business relationship, are properly preserved for at least five years after the business relationship is ended. The identification records and transaction data will be made available to the competent authorities upon request.

7. ENHANCED DUE DILIGENCE

The company is primarily engaged in MSME finance. It does not deal with such category of customers who could pose a potential high risk of money laundering, terrorist financing or political corruption and are determined to warrant enhanced scrutiny. The existing credit policies of the company in respect of its various businesses ensure that the company is not transacting with such high risk customers.

The company shall conduct Enhanced Due Diligence in connection with all customers or accounts that are determined to pose a potential high risk and are determined to warrant enhanced scrutiny. The company has established appropriate standards, methodology and procedures for conducting Enhanced Due Diligence, which shall involve conducting appropriate additional due diligence or investigative actions beyond what is required by standard KYC due diligence. Enhanced Due Diligence shall be coordinated and performed by the company.

The following are the indicative list where the risk perception of a customer which is considered higher:

i. Customers requesting for frequent change of address/contact details
ii. Sudden change in the loan account activity of the customers.
iii. Frequent closure and opening of loan accounts by the customers.

CIP Notice

Enhanced due diligence is in the nature of keeping the account monitored closely for a recategorisation of risk, updation of fresh KYC documents, field investigation or visit of the customer, etc., which forms part of the credit policies of the businesses.

The Company shall implement procedures for providing customers with adequate notice that the Company is requesting information and taking actions in order to verify their identity. Each business process shall determine the appropriate manner to deliver the notice, which shall be reasonably designed to ensure that the customer is able to view or is otherwise given such notice prior to account opening.

Existing Customer

The requirements of the earlier sections are not applicable to accounts opened by existing customers, provided that the business process has previously verified the identity of the customer and the business process continues to have a reasonable belief that it knows the true identity of the customer. Further, transactions in existing accounts should be continuously monitored and any unusual pattern in the operation of the account should trigger a review of the due diligence measures. Reliance on third-party due diligence: The company shall not only rely on third party due diligence on KYC and AML Practice.

8. APPOINTMENT OF DESIGNATED DIRECTOR / PRINCIPAL OFFICER

Mr. Naresh Girdhar, Director will be the Designated Director who is responsible for ensuring overall compliance as required under PMLA Act and the Rules.

Mr. AlagarsamyManimurugan, Director is designated as Principal Officer who shall be responsible for furnishing of information to FIU-IND.

As per the RBI guidelines, the Principal Officer is located at our corporate office and is responsible for monitoring and reporting of all transactions and sharing of information as required under the law. He maintains a close liaison with enforcement agencies, other NBFCs and any other institution which are involved in the fight against money laundering and combating financing of terrorism.

9. E-KYC

E-KYC authentication facility as defined in Aadhaar (Authentication) Regulations, 2016 and such other modification as may be enacted, means a type of authentication facility in which the biometric information and/or OTP and Aadhaar number securely submitted with the consent of the Aadhaar number holder through a requesting entity, is matched against the data available in the CIDR, and the Authority returns a digitally signed response containing e-KYC data along with other technical details related to the authentication transaction;

10. CKYCR

Company shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as required by the revised KYC templates prepared for ‘individuals’ and ‘Legal Entities’ as case may be. Government of India has authorised the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR.