The Reserve Bank of India (RBI) has issued comprehensive ‘Know Your Customer’ (KYC) Guidelines to all Non-Banking Financial Companies (NBFCs) in the context of the recommendations made by the Financial Action Task Force (FATF) on Anti Money Laundering (AML) and Combating Financing of Terrorism (CFT). In view of the same, Goyal Associates Ltd (“Herein after referred as, “the Company” or “NBFC”) has adopted the said KYC guidelines with suitable modifications depending on the activities undertaken by it.
The Company has formulated this KYC Policy based on RBI’s Master Direction- Know Your Customer (KYC) Direction, 2016, dated 25th February 2016, updated as on July 12, 2018.
The Company would ensure strict compliance with the Prevention of Money-Laundering (PML) Act, 2002 and the Prevention of Money-Laundering (PML) (Maintenance of Records) Rules, 2005 and RBI’s Master Direction-KYC Direction, 2016 and any subsequent amendments/ instructions issued by RBI.
The Company is a non-deposit taking NBFC and, as such, is not exposed to many of the risks which a deposit taking company is exposed to. This policy has been approved by the Company’s Board of Directors. Any changes to the policy would need the approval of the Board of Directors. The policy would be updated as and when required.
a) To prevent money laundering or terrorist financing activities; b) To enable the Company to know and understand its Customers and their financial dealings better which in turn help the Company to manage its risks prudently; c) To put in place appropriate controls for detection and reporting of suspicious activities in accordance with applicable laws/laid down procedures; d) To comply with applicable laws and regulatory guidelines; e) To ensure that the concerned staff are adequately trained in KYC/AML/CFT procedures. This KYC Policy should be read in conjunction with related operational guidelines issued from time to time.
The Company is primarily in the business of lending to its customers who are individuals through its app “SalaryDay”. SalaryDay is a mobile app which facilitates the provision of personal loans, based on the details provided by the customer in the mobile application form, and through other modes of communication.
This Policy includes the following elements:
a) Customer Acceptance Policy (CAP)
b) Risk Management
c) Customer Identification Procedures (CIP) and Customer Due Diligence (CDD)
d) Monitoring of Transactions
e) Reliance on third party due diligence
f) Record Keeping
g) Introduction of New Technologies
h) Training Programme
i) Reporting to the Financial Intelligence Unit- India
The Board has nominated a Designated Director, who will ensure overall compliance with the obligations imposed under Chapter IV of the Prevention of Money Laundering Act and the Rules framed thereunder. The name, designation and address of the Designated Director has been communicated to the Financial Intelligence Unit, India (FIU-IND). It would be ensured that the Principal Officer, referred to below, would not be nominated as the Designated Director.
The Board has nominated a senior officer as the Principal Officer, who would be responsible for ensuring compliance, monitoring transactions, and sharing and reporting information to the Financial Intelligence Unit (FIU-IND), as required under the law/regulations. The name, designation and address of the Principal Officer had been communicated to FIU-IND.
a) Customer Acceptance Policy (“CAP”):
The Company’s CAP lays down the criteria for acceptance of Customers. The guidelines in respect of customer relationship in the Company broadly include the following:
The Company would not enter into a transaction with any customer in the following cases:
i. where the customer has furnished an anonymous or fictitious /
ii. where the Company is unable to apply appropriate Customer Due Diligence (CDD) measures, i.e., the Company is unable to verify the identity and / or obtain required documents either due to non-cooperation of the customer or non-reliability of the documents / information furnished by the customer.
iii. where the required Customer Due Diligence (CDD) procedure is not followed.
iv. where the identity of the customer or any of its promoters or directors or partners (if the customer is a corporate entity or a firm) matches with any person or entity whose name appears in the sanction lists circulated by RBI.
v. where the customer is engaged in any business/ activity that is illegal or undesirable.
The Company would not enter into a transaction with such entities and report the matter immediately to RBI and FIU-IND.
The Company would prepare a profile for each new Customer during the credit appraisal, based on risk categorization as mentioned in this Policy. The Customer profile would contain the information relating to the Customer’s identity, social status and nature of employment or business activity. The nature and extent of due diligence will depend on the risk perceived by Company.
At the time of credit appraisal of the Customer, the details would be recorded along with the profile based on the documents provided by the Customer and verified by Company either by itself or through third party sources, subject to satisfaction of prescribed conditions. The documents collected will be as per the product norms as may be in practice. However, while preparing the Customer profile, the Company would seek only such information from the Customer which is relevant to the risk category and which is not intrusive. Any other information from the Customer would be sought separately with his/her consent and after opening the Registered Account. The Customer profile will be a confidential document and details contained therein would not be divulged for cross selling or for any other purposes.
b) Risk Management:
As per the KYC policy, for acceptance and identification, the
Company’s Customers would be categorized based on perceived
risk, broadly into three categories – A, B & C. Category A would
include High Risk Customers, Category B would include Medium
Risk Customers while Category C would include Low Risk
None of the Customers will be exempted from the Company’s KYC procedures, irrespective of the status and relationship with Company or its Promoters. The due diligence to be exercised would depend on the risk categorisation of the customers. Enhanced due diligence will be carried out in respect of customers falling in the medium and high-risk category.
The Company currently lends to salaried Indian resident. Board categorization is based on income, age profile, social loan quotient, credit bureau and other obligations of the customer. Individuals whose identities and sources of wealth can be easily identiﬁed and transactions in whose accounts by and large conform to the known proﬁle, shall be categorized as low risk by the Company. Illustrative examples of a low-risk Customer of the Company would be salaried employees whose salary structures are well deﬁned, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government departments and Government owned companies, regulators and statutory bodies etc. In such cases, the Policy may require that only the basic requirements of verifying the identity and location of the Customer are to be met. Customers that are likely to pose a higher-than-average risk to the Company will be categorized as medium or high risk depending on Customer’s background, nature, location of activity, and proﬁle etc. The Company may apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive ‘due diligence’ for higher risk customers, especially those for whom the sources of funds are not clear. Examples of customers for which Company may undertake higher due diligence is as under:
Employees of Trusts, charities, NGOs, and organizations receiving donations,
PEPs of foreign origin,
c) Customer Identification Procedures (“CIP”) and Customer Due Diligence (CDD):
Customer Identification means identifying the Customer and
verifying his/her identity by using reliable, independent source
documents, data or information. The Company would obtain
sufficient information necessary to verify the identity of each
new Customer along with brief details of its employer.
The Company would obtain sufficient identification data to verify the identity of the Customer, his address/location, his employment details and also his recent photograph. The Company does not provide loan to non-individuals and hence this KYC Policy does not refer to documentation and KYC Procedures for Customers that are legal persons or entities. As and when the loan would be accessible to non-individuals, applicable KYC Policy for the same would be included herein in terms of the RBI guidelines. The Company would adhere to the customer identification requirements keeping in view the applicable provisions of the PML Act and Rules and as per the directions issued by RBI in this respect. An indicative list of the nature and type of documents/information that may be relied upon for Customer Identification is given in Annexure I. The Company will formulate and implement a Customer Identification Programme to determine the true identity of its Customers keeping the above in view.
The Company would periodically update the Customer Identification Data after a transaction is entered into. The periodicity of updating of the Customer Identification data would be once in five years in case of low-risk category customers and once in two years in case of high and medium risk categories.
Allotment of Unique Customer Identification Code
The Company will allot a Unique Customer Identification Code (UCIC) while entering into new relationships with individual customers, which would help the Company identify its customers, track the facilities availed, monitor financial transactions in a holistic manner and enable the Company to have a better approach for risk profiling of customers.
d) Monitoring of Transactions:
The Company shall monitor its lending activities and will pay
special attention to all complex, unusually large transactions
and all unusual patterns which have no apparent economic or
visible lawful purpose.
The Company does not accept any deposits. Most of the Company’s loans are small term based EMI loans across all categories of borrowers. Hence the transactions with the Company will at all times be restricted to the EMI/loan repayable over the tenor of the loan. No other transactions what so ever nature other than the repayment of the loan with interest will be carried out by the Customer with the Company.
e) Reliance on third party due diligence
For the purpose of verifying the identity of customers at the
time of commencement of a relationship, the Company may, rely on
customer due diligence done by a third party, subject to the
Necessary information of such customers’ due diligence carried out by the third party is immediately obtained by the Company.
Copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay.
The third party is regulated, supervised or monitored for, and has measures in place for compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
The third party is not based in a country or jurisdiction assessed as high risk. However, the ultimate responsibility for customer due diligence will be with the Company.
The Company would ensure that decision-making functions of determining compliance with KYC norms are not outsourced.
f) Record Keeping
The Company would adhere to applicable instructions for maintenance, preservation and reporting of customer account information with reference to the provisions of the PML Act and the Rules made thereunder. The Company would
i. maintain all necessary records of transactions between the
Company and the customer for at least five years from the date
ii. preserve the records pertaining to the identification of the customers and their addresses obtained while sanctioning the loan and during the course of business relationship, for at least five years after the business relationship is ended;
iii. make available the identification records and transaction data to the competent authorities upon request;
iv. introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);
v. maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transactions, including the following:
the nature of the transactions; the amount of the transaction and the currency in which it was denominated; the date on which the transaction was conducted; and the parties to the transaction.
vi. evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities;
vii. maintain records of the identity and address of their customer, and records in respect of transactions referred to in Rule 3 of the PML Rules in hard or soft format.
g) Introduction of New Technologies
Adequate attention would be paid by Company to any money-laundering and financing of terrorism threats that may arise from new or developing technologies. The Company would ensure that appropriate KYC procedures issued from time to time are duly applied before introducing new products/services/technologies.
h) Training Programme
The Company would put in place an adequate screening mechanism
as an integral part of its recruitment/ hiring process of
personnel so as to ensure that person of criminal nature/
background do not get an access to misuse the financial channel.
The Company would conduct ongoing employee training programs so that members of the staff fully understand the rationale behind the KYC Policy and ensure compliance with the same.
Training requirements would have a different focus for front line staff, compliance staff and officer/ staff dealing with new Customers. The front desk staff would be specially trained to handle issues arising from lack of customer education.
i) Reporting to Financial Intelligence Unit – India:
The Company will furnish the required information as referred to
in the PML (Maintenance of Records) Rules, 2005 to the Director,
Financial Intelligence Unit-India (FIU-IND).
In case a Suspicious Transaction Report (STR) is filed, the Company would ensure that the fact of furnishing of STR is kept strictly confidential. It would be ensured that there is no tipping off to the customer at any level.
The Company would put in place a robust management information system, which would highlight/ throw up alerts when the transactions are inconsistent with risk categorization and when there are suspicious transactions.
Details of accounts resembling any of the individuals/entities in lists as referred under the head “Customer Acceptance Policy” or any other UN Security Council Resolutions (UNSCRs) circulated by RBI would be reported to FIU-IND apart from advising Ministry of Home Affairs.
The Company would obtain the information from an individual borrower, as prescribed by RBI from time to time. The documents may be uploaded by the borrower in pdf/jpg format.
1) In respect of individuals eligible for enrolment of Aadhaar, the Company would obtain
Where an Aadhaar number has not been assigned to an individual, proof of application of enrolment for Aadhaar shall be obtained wherein the enrolment is not older than 6 months
In case Aadhaar number is not submitted, certified copy of an Officially Valid Document (OVD) containing details of identity and address and one recent photograph shall be obtained.
2) In case the identity information relating to Aadhaar or PAN does not have the current address, an OVD as defined in the RBI Master Direction and brought out in the Policy may be submitted. In case the OVD furnished by the borrower does not contain the updated address, the following documents shall be deemed as OVDs for the limited purpose of proof of address:
Utility bill which is not more than two months old of any
service provider (electricity, telephone, post-paid mobile
phone, piped gas, water bill)
Leave and License agreements
Letter of allotment of accommodation from employer issued by State Government or Central Government Departments,
statutory or regulatory bodies, PSUs, Scheduled Commercial banks, Financial Institutions and Listed Companies and Leave and License agreements with such employees allotting official accommodation
3) The Company would also obtain the bank statement of the borrower.
PAN Card shall be verified electronically from NSDL so as to ascertain correctness of PAN Number and corresponding name appearing in Income Tax data base. The said verification may be carried out by the Company itself or through an independent Agency.
Similarly AADHAR, Driving License & Voters ID shall be verified through Independent Agency.
Utility Bills and other address KYC will be used to verify address
Customer will electronically upload his selfie.
Bank statement will be used to verify bank account number and salary credits.
All Documents uploaded should be self-certified. Additional documents may be called for, if necessary.
The Company would advise the customer to repay the loan from a Bank with whom Customer has completed all KYC requirements.