Contact Us Service Request
Policy Guidelines on KYC and AML |Myloancare

KYC And AML Policy

BACKGROUND

MyLoanCare Ventures Private Limited is a Private Limited Company registered under the Companies Act, 2013 vide CIN U65100DL2013PTC258637 and registered with the Reserve Bank of India as a Non-Systemically Important, Non-Deposit taking, Non-Banking Finance Company under the category NBFC- ICC vide CoR N-14.03560 dated 23rd Sep, 2021. The Company currently falls under the Base Layer NBFC classification (NBFC-BL) as per the Scale Based Regulation issued by RBI vide circular RBI/2021-22/112 DOR.CRE.REC.No.60/03.10.001/ 2021-22 dated 22nd October 2021.

The Reserve Bank of India has issued comprehensive master directions titled Know Your Customer (KYC) Direction, 2016 vide ref number RBI/ DBR/ 20151-6/ 18 (Master Direction DBR.AML.Bc.No.81/14.01.001/ 2015-16) dated February 26, 2016, as amended from time to time, stipulating KYC norms and Anti-Money Laundering (AML) standards and has advised all NBFCs to ensure that a proper policy framework on KYC and AML measures be formulated and put in place with the approval of the respective Board.

The objective of RBI Master Direction is to prevent regulated entities (RE’s) from being used, intentionally or unintentionally, by criminal elements for money laundering and / or terror funding activities. The guidelines also mandate making reasonable efforts to determine the identity and beneficial ownership of accounts, source of funds, the nature of customer’s business, reasonableness of operations in the account in relation to the customer’s business, etc. which in turn helps the Company to manage its risks prudently.

Thus, in compliance with the guidelines issued by RBI, the following KYC & AML policy of the Company is approved by the Board of Directors of the Company.

This policy is applicable to all categories of products and services offered by the Company as also internal processes for effective and wholesome implementation of KYC and AML directions of RBI.

The Company shall conduct a periodic review of this policy, at least annually, to incorporate best practices prescribed by RBI from time to time and shall make appropriate modifications. The implementation of the Policy will be the responsibility of the entire Company including the Board of Directors and the management team.

'Senior Management’ for the purpose of KYC compliance under this policy shall be constituted of: (a) executive members of the Company’s Board of Directors, (b) head of the risk function at the level of Assistant Vice President and above, (c) compliance officer of the Company, and (d) any other such individual who may be designated as such by the Board from time to time.

In case of conflict between the provisions of this Policy and the RBI KYC regulations, the provisions of the latter shall apply.

Overall responsibility for effective implementation of the policy shall be that of the head of the risk function under the supervision of Senior Management.

Compliance with the KYC provisions under this policy shall be duly reported to the Company’s Audit Committee every quarter within one month of the end of the quarter. Compliance with anti-money laundering and anti-terror funding provisions under this policy shall be duly reported to the Company’s Audit Committee and the Risk and Product Committee every quarter within one month of the end of the quarter. The same may also be taken on record by the Board of Directors.

MyLoanCare will communicate the KYC & AML Policy to the customers and business partners by uploading the same on its website. The policy will be widely disseminated internally among employees and officials of the Company.

  • SCOPE AND APPLICATION OF THE POLICY

    The scope of this policy is:

    • Customer Acceptance Policy:
      • To lay down explicit criteria for acceptance of customers.
      • To define procedures to establish identify of individuals/ non-individual customers for opening of account.
    • Risk Management:
      • To lay down clear procedures and guidelines to classify customers in different risk segments (Low/ Medium/ High)
      • To periodically, and at least annually, assess money laundering (ML) and terrorist financing (TF) risk as part of Company’s operations and to take effective measures to mitigate the same
    • Customer Identification Procedures (CIP):
      • To define acceptable CIP including that for video – CIP
      • To set standards for technology infrastructure used for digital CIP procedures
    • Monitoring of Transactions:
      • To establish processes and procedures to monitor transactions to be able to identify high value transactions and/or transactions of suspicious nature in accounts
      • To develop measures for conducting due diligence in respect of customers and reporting of such transactions.
  • CUSTOMER ACCEPTANCE POLICY

    Definition of a Customer

    Customer means any person as defined under the KYC policy of the RBI.

    More specifically, Customer means a Person who avails a financial product or service from MyLoanCare and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting. A Customer shall include any beneficial owner as defined in KYC guidelines.

    A “Person” shall have the meaning as defined under KYC policy of RBI (and any amendment from time to time by RBI) which at present includes:

    1. an Individual;
    2. a Hindu undivided family (HUF);
    3. a company or a limited liability partnership;
    4. a trust or a society;
    5. a firm including a proprietorship or partnership;
    6. an association of persons or a body of individuals, whether incorporated or not;
    7. every artificial juridical person, not falling within any one of the above person (a to f);
    8. any agency, office or branch owned or controlled by any one of the above persons (a to g)

    • “Non-face-to-face customers” means customers who open account(s) without visiting the branch/offices of MyLoanCare and without meeting the officials of MyLoanCare and without a video-KYC having been conducted as per provisions of this policy.

    DISCLAIMER: This Customer Acceptance Policy does not imply in denial of banking/financial facility to members of the general public, especially those, who are financially or socially disadvantaged.

  • GUIDELINES FOR ACCEPTING CUSTOMERS

    Following norms and procedures will be followed by the Company in relation to its customers who approach the Company for availing financial facilities. While taking decision to grant any one or more facilities to customers as well as during the continuation of any loan account of the customer, the following norms will be adhered to by the Company:

    No account will be opened, and / or money will be disbursed in a name which is anonymous or fictitious or appears to be a name borrowed only for opening the loan account i.e. Benami Account. The MyLoanCare shall insist on sufficient proof about the identity of the customer to ensure his physical and legal existence at the time of accepting the application form from any customer.

    Circumstances, in which a customer is permitted to act on behalf of another person /entity, shall be clearly spelt out in conformity with the established law and practices, as there could be occasions when an account is operated by a mandate holder or where an account may be opened by intermediary in a fiduciary capacity.

    MyLoanCare shall not open any account or give / sanction any loan or enter into financial transactions with a customer where MyLoanCare is unable to apply appropriate customer due diligence (CDD) measures as described in Annexure I of this policy due to any of the following circumstances:

    • No account will be opened, and / or money will be disbursed in a name which is anonymous or fictitious or appears to be a name borrowed only for opening the loan account i.e. Benami Account. The Company shall insist on sufficient proof about the identity of the customer to ensure his physical and legal existence at the time of accepting the application form from any customer.
    • Circumstances, in which a customer is permitted to act on behalf of another person /entity, shall be clearly spelt out in conformity with the established law and practices, as there could be occasions when an account is operated by a mandate holder or where an account may be opened by intermediary in a fiduciary capacity.
    • The Company shall not open any account or give / sanction any loan or enter into financial transactions with a customer where the Company is unable to apply appropriate customer due diligence (CDD) measures as described in Annexure I of this policy due to any of the following circumstances:
      • MyLoanCare is unable to verify the identity of the customer
      • The customer without any valid or convincing reasons refuses to provide documents to MyLoanCare which are needed to determine the risk level in relation to the customer loan applied for by the customer and his paying capacity
      • Information furnished by the customer does not originate from the reliable sources or appears to be doubtful due to lack of supporting evidence.
      • Identity of the customer directly or indirectly matches with any individual terrorist or prohibited / unlawful organizations, whether existing within the country or internationally, or if the customer or beneficiary is found, even remotely, to be associated with or affiliated to any illegal, prohibited or unlawful or terrorist organization as notified from time to time either by Govt. of India, State Govt. or any other national or international body / organization.

      • Subject to the Measures described in Annexure I, MyLoanCare shall:

      • Where Permanent Account Number (PAN) is obtained from the Customer, verify the same from the verification facility of the issuing authority.
      • Where an equivalent e-document is obtained from the customer, MyLoanCare shall verify the digital signature as per the provisions of the Information Technology Act, 2000 (21 of 2000).

      NOTE: Where MyLoanCare has a suspicion of money laundering or terrorist financing, and it reasonably believes that performing the CDD process will tip-off the customer, it shall not pursue the CDD process, and instead file an STR with FIU-IND

    • Subject to the above-mentioned norms and caution, Company will also ensure that these norms and safeguards do not result in harassment or inconvenience to bonafide and genuine customers and that this does not unduly discourage them from dealing with the Company.
    • Any additional information that is not specified in this policy but is sought from the customer as part of KYC, shall be obtained with explicit consent of the customer only.
    • The credit operations team shall, at the time of approving a financial transaction/ activity, or executing any transaction, verify the record of identity, signature proof and proof of address of the customer as provided for in Annexure I to this policy.
    • A Unique Customer Identification Code (UCIC) shall be allotted while entering into new individual customer relationship as also existing ones. Provided that no UCIC is to be issued to walk-in customers unless MyLoanCare opens an account for the said Customer.

      Till further notice, the Company shall extend its loans and/ or credit facilities only to resident Indian individuals and shall not extend loans and / or facilities to any of the following categories:

      • In case of individuals, to Persons other than resident Indians,
      • Minors,
      • Persons who are employees / directors of the Company or its affiliates or relatives of the same, and
      • Trusts, unincorporated association or body of individuals
      • Restricted profiles
  • For opening an account of a Legal Person who is not a natural person, the beneficial owner(s) shall be identified and all reasonable steps in terms of sub-rule (3) of Rule 9 of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, to verify his/her identity shall be undertaken keeping in view the following:
    • in case of customer being a company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more judicial persons, has/ have a controlling ownership interest or who exercise control through other means; wherein “controlling ownership interest” means ownership/ entitlement to more than 10 percent of the shares or capital or profits of the company;
    • where the customer or the owner of the controlling interest is (i) an entity listed on a stock exchange in India, or (ii) it is an entity resident in jurisdictions notified by the Central Government and listed on stock exchanges in such jurisdictions, or (iii) it is a subsidiary of such listed entities; it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such entities;
    • in case of customer being a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with 10 percent or more interest in the trust and any other natural person exercising ultimate effective control over the trust directly or through a chain of control or ownership;
    • in cases of trust/nominee or fiduciary accounts whether the customer is acting on behalf of another person as trustee/nominee or any other intermediary is determined. In such cases, satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also details of the nature of the trust or other arrangements in place shall be obtained.
    • in case of customer being either a partnership firm or an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more judicial persons, has/ have ownership of entitlement to more than 15 percent of the property or capital or profits of such entity
  • Before onboarding a customer, the company shall cross check the customer details with list of persons or entities that appear in the RBI defaulters’ list, in the sanctions list under international agreements (as provided for in the of RBI Master Direction)
  • RISK MANAGEMENT
    • The purpose of adopting the below measures and norms while taking decisions on the issue of customer acceptance is twofold. Firstly, the Company should not suffer financially at later stage due to lack of proper due diligence exercise and lack of information which is the exclusive possession of the customers.
    • Secondly, we aim to curb and prevent any practice which is aimed to achieve unlawful objectives or use of financial institutions to perpetuate any criminal or unlawful activities. At the same time, this policy does not aim or intend to deny the benefit of financial services to those who genuinely need such services / facilities due to real lack of their own sufficient financial resources.
    • The risk categorisation of a customer and the specific reasons for such categorisation shall be kept confidential and shall not be revealed to the customer to avoid tipping off the customer.
      • Risk Classification of Customers

        MyloanCare shall categorize its customers into three risk categories based on the risk perceived by MyloanaCare. The three levels of categorization would be:

        • Low Risk,
        • Medium Risk and
        • High Risk.

        The risk categorization would be a function of:

        • Customer’s Identity
        • Whether the customer is an individual or a non-individual
        • Source of income of the customer and its consistency
        • Social and financial status of the customer
        • Nature of the business activity/ job/ role of the customer
        • Whether the customer belongs to segments that are classified as restricted profiles by MyloanCare
        • Customer’s location, geographical risk
        • Type of transaction such as cash/ bank transfer/ forex/ wire transfers etc
        • Other information about the customer retrieved from consented sources including but not limited to CKYCR, credit bureau, EPFO, UIDAI, etc
        • Information from various domestic and international registries under anti-money laundering, anti-terror funding/ FATF provisions.The risk categorization reasons for such categorization shall be kept confidential and shall not be revealed to the customer.

        MyloanCare considers following as restricted profiles for its risks management:

        • Foreign Delegates or those working in Foreign High commissions or Embassies,
        • All politically exposed persons
        • Senior politicians – includes past or present MLA’s, MP’s, state or union ministers, governors, elected heads of local bodies
        • Senior judicial officers – includes those holding rank of Session Judge, District judge and above, members of tribunals and appellate authorities
        • Senior military officers
        • Senior executives of central or state-owned corporations in the rank of L-14 and above
        • Officials of important and leading state, regional and national political parties
        • Non-resident Indians
        • Foreign nationals
        • Entities owned/ controlled by any of the above
        • Low Risk Customers

          Individuals, other than those in restricted roles, meeting the following criteria:

          • Customers with successful CDD, and
          • Those with either no record (new to credit) or reasonable / justifiable track record of past repayment as per bureau report, and
          • In case of salaried customers, employees of private/ public sector corporates/ non corporate employers, government departments or government owned companies, statutory bodies, societies, trusts, partnerships, proprietorships, having regular income from employer as verified from any one or more of recent salary slips, EPFO record, TDS record , income imputed from credit bureau records using algorithm and bank statement, or
          • In case of self-employed professional individuals, valid contract with customer / client with proof of payment or TDS deposited by customer’s client or credit of regular professional fees credit in bank account, or
          • In case of self-employed business-persons, those with
            • valid registration under local shops and establishments act/ GST Act and
            • either TDS deposit by customer’s clients or regular credit in customer’s bank account
        • High Risk Customers

          Following categories of customers are regarded as high-risk customers:

          • all restricted profiles as above
          • customers in whose case sources of income cannot be satisfactorily established from reasonable customary checks
          • customers with high velocity transactions in bank accounts that appear to be unusual to their nature of job/ employment
          • customers with unsatisfactory repayment track record of past obligations as per bureau
        • Medium Risk Customers

          Customers other than those who are covered under the definition of Low Risk and High Risk customers.

      • Information to be obtained for establishing risk classification of customers

        The extent of due diligence requirement will vary from case to case as the same will depend upon risk perceived by the Company while granting credit facilities to customers.

        Cases in which the risk level is higher will require intensive due diligence exercise. Such cases will include those where the sources of funds or sources to repay the loan to the Company are not clearly disclosed or cannot be ascertained from the information submitted by the customer to the Company such as:

        • NRI Customers
        • Trusts and societies (except those set up under a specific regulation)
        • Non-governmental charitable Institutions
        • NGOs and other organizations receiving donations from within or outside the country
        • Partnership firms with sleeping partners
        • Persons with dubious or notorious reputation as per the information available from different sources like media, newspapers etc
        • Restricted profiles as above
        • Non-face to face customers; it is clarified that those customers who are verified using RBI compliant V-CIP process shall not be regarded as non-face to face customers

        For the purpose of preparing customer profile, only such information will be sought from the customers which is needed to decide the risk category to be assigned to the customer.

        Information to be collected from the customers will vary according to categorization of customer from the point of view of risk perceived. However, while preparing customer profile the Company shall seek only such information from the customer which is relevant to the risk category and is not intrusive to the customer. Any other information from the customer should be sought separately with his/her consent and after opening the account.

        MyloanCare shall neither seek nor store any biometric information of the customer. Ordinarily, the customer profile maintained by the MyloanCare will be kept confidential except for cases where the customer himself allows and/or gives consent for the use of the information given in customer profile / application form for offering other products / services of other companies / entities belonging to the MyloanCare's group or any other legal entity with whom the Company is having any business tie-ups. However, while taking any such permission or consent of the customer for using his above referred information provided to the Company, it will be ensured that such permission / consent of the customer is unambiguous and explicit and the purpose of obtaining such consent is clearly disclosed to the customer. In case the customer decides not to provide such necessary consent(s), the Company reserves the right to not process such customers’ loan application but in no circumstances shall a customer be forced to give such consent.

        In case of non-individual borrowers, the Company may, in addition to carrying out KYC and assessing credit worthiness of the borrower entity, also carry out similar checks on the authorized signatories/ partners/ proprietors/ directors/ controlling shareholders of such entities, as may be deemed appropriate and as per applicable law and guidlienes.

        In case of medium risk and high risk category of customers, the Company will apply higher due diligence measures keeping in view the risk level.

        In the event of an existing customer or the beneficial owner of an existing account subsequently becoming a restricted profile, the Company shall reclassify them into the applicable risk category and continue the business relationship with such persons with enhanced monitoring.

      • Periodic updation of KYC

        Revalidation and updation of KYC shall be conducted by the company in following cases:

        • every two years for high-risk customers, once in every eight years for medium risk customers and once in every ten years for low-risk customers from the date of opening of the account / last KYC updation. When there is a doubt or uncertainty with respect to the validity and / or authenticity of the KYC records of the customer
        • Transition of risk profile of a customer from low risk to medium risk or high risk or from medium risk to high risk
        • When mandated or required to do so by way of any direction of a regulatory body, including RBI, or as per any statute or law
        • Aadhaar OTP based e-KYC in non-face to face mode may be used for periodic updation
        • Declaration of current address, if the current address is different from the address in Aadhaar, shall not require positive confirmation in this case. MyLoanCare shall ensure that the mobile number for Aadhaar authentication is same as the one available with them in the customer’s profile, in order to prevent any fraud

        Process for updation of KYC shall be as below:

        Type of Customer Individuals Non Individuals
        No change in KYC information Through self-declaration from the customer from registered email id/ mobile number/ web application login area or mobile application, signed letter Same as individuals with additional requirement for Board resolution and updation / re-confirmation of Beneficial Ownership
        Change in address Through self-declaration from the customer from registered email id/ mobile number/ web application login area or mobile application, signed letter. The updated address shall be verified within two months by any of the following means (a) verification letter (b) contact point verification (c) OVD or deemed OVD as per Annexure I Aadhaar OTP based e-KYC in non-face-to-face mode Same as individuals for authorized signatory/ director/ partner/ beneficial owner
        Change in KYC Information Not applicable At par with fresh customer onboarding and requirements as per Annexure I will apply
      • CUSTOMER IDENTIFICATION PROCEDURE (CIP)

        Customer identification refers to identifying the customer and verifying his / her identity by using reliable, independently sourced documents, data or information. The Company needs to obtain sufficient information necessary to establish, to its satisfaction, the identity of each customer in following cases:

        • at the time of opening an account;
        • at the time of initiating a significant financial transaction in case of existing customers;
        • where the customer is carrying out a transaction that is flagged by the system as being unusual for this customer orthis risk segment;
        • Carrying out any international money transfer operations for a person who is not an account holder of MyLoanCare.
        • When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.
        • Selling third party products as agents, selling their own products, payment of dues of credit cards/sale and reloading of prepaid/travel cards and any other product for more than rupees fifty thousand.
        • Carrying out transactions for a non-account-based customer, that is a walk-in customer, where the amount involved is equal to or exceeds rupees fifty thousand, whether conducted as a single transaction or several transactions that appear to be connected.
        • When MyLoanCare has reason to believe that a customer (account- based or walk-in) is intentionally structuring a transaction into a series of transactions below the threshold of rupees fifty thousand.

        Outsourcing of customer identification procedure at the time of commencement of account-based relationship:

        MyLoanCare may use the services of and rely on customer due diligence done by one or more third parties, subject to the following conditions:

        • Records or the information of the customer due diligence carried out by the third party is obtained within two days from the third party or from the Central KYC Records Registry.
        • Adequate steps are taken to satisfy that copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay.
        • The third party is regulated, supervised or monitored for, and has measures in place for, compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
        • The third party shall not be based in a country or jurisdiction assessed as high risk.
        • The ultimate responsibility for customer due diligence and undertaking enhanced due diligence measures, as applicable, will be with MyLoanCare.

        Carrying out CIP

        The CIP to be adopted will vary by risk segment, nature of information / documents submitted and the type of the customer (individual, corporate etc.) and shall be as follows:

        Type of Customer CDD to be performed Additional Requirement
        Individual Customers On the individual 1. the Aadhaar number where, he decides to submit his Aadhaar number voluntarily to MyLoanCare notified under first proviso to sub-section (1) of section 11A of the PML Act;

        Note 1: MyLoanCare shall carry out authentication of the customer’s Aadhaar number using e-KYC authentication facility provided by the Unique Identification Authority of India. Further, in such a case, if customer wants to provide a current address, different from the address as per the identity information available in the Central Identities Data Repository, he may give a self-declaration to that effect to MyLoanCare

        Note 2: the proof of possession of Aadhaar number where offline verification can be carried out; proof of possession of Aadhaar number where offline verification cannot be carried out or any OVD or the equivalent e-document thereof containing the details of his identity and address (As specified in Annexure II); the KYC Identifier with an explicit consent to download records from CKYCR

        2. the Permanent Account Number or the equivalent e-document thereof or Form No. 60 as defined in Income-tax Rules, 1962 3. such other documents including in respect of the nature of business and financial status of the customer, or the equivalent e-documents thereof as may be required by MyLoanCare.
        Sole Proprietary Firm On the proprietor (individual) Any two of the following documents or the equivalent e-documents there of as a proof of business/ activity in the name of the proprietary firm shall also be obtained: (a)Registration certificate including Udyam Registration Certificate (URC) issued by the Government (b)Certificate/licence issued by the municipal authorities under Shop and Establishment Act (c)Sales and income tax returns (d)CST/VAT/ GST certificate (e)Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities (f)IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT or Licence/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute (g)Complete Income Tax Return (not just the acknowledgement) in the name ofthe sole proprietor where the firm's income is reflected, duly authenticated/ acknowledged by the Income Tax authorities (h)Utility bills such as electricity, water, landline telephone bills, etc.
        Company On the beneficial owner, manager, officer or employee, as the case may be, holding an attorney/ authority to transact on the company’s behalf Certified copies of each of the following documents or equivalent e-documents: (a) Certificate of incorporation (b) MoA and AoA (c) PAN of the company (d) A resolution from the Board of Directors and power of attorney granted to its managers, officers or employees to transact on its behalf (e) names of the persons holding senior management position; and (g) registered office and the principal place of its business, if it is different.
        Partnership Firm On the beneficial owner, manager, officer or employee, as the case may be, holding an attorney/ authority to transact on the company’s behalf Certified copies of each of the following documents or equivalent e-documents: (a) Registration certificate (b) Partnership deed (c) PAN of the firm (d) names of all partners (e) registered office and the principal place of its business, if it is different.
        Trust Not eligible under this policy
        Unincorporated body Not eligible under this policy

        The CDD shall be carried out as per Annexure I to this policy.

        MyLoanCare has set up video based customer identification process (V-CIP) process as per specifications in Chapter VI of the RBI’s Master Direction, 2016 vide ref number RBI/ DBR/ 20151-6/ 18 (Master Direction DBR.AML.Bc.No.81/14.01.001/ 2015-16) dated February 26, 2016, and this shall be the preferred mode for conducting CIP in case no other full KYC has been carried out.

        Minimum capabilities of the V-CIP infrastructure are:

        • To be operated from own secured network domain
        • End to end encryption
        • Facility to record customer consent in auditable and alteration proof manner
        • IP protection through positive white-listing and anti-spoofing
        • Capturing live geo-tagging (latitude and longitude) alongwith date and time stamp
        • Good quality of video and audio to establish identity beyond doubt and entire audio and video shall be recorded and available for audit
        • Checks for face liveliness, spoof detection, face matching with OVD
        • All records, including video, audio, audit trail, activity log, date and time stamp, geo-tagging, photo, OVD, etc. shall be stored and maintained electronically on servers based in India in a secure manner as per Chapter VI of the above referred Master Direction.
        • Regular VAPT testing and information security audit by empanelled auditors of CERT-In and shall be carried out periodically and in any event, at least once every two years. Any critical gap reported in such audit shall be mitigated before roll out.

        Operational guidelines for conduct of V-CIP:

        • CIP shall be carried out only by authorized employees/ officials of MyLoanCare and shall not be outsourced.
        • Detailed work flow and standard operating procedure for V-CIP shall be made available to employees who are authorized to conduct V-CIP, a copy of which shall also be available with the credit operations head in MyLoanCare’s premises.
        • Regular and periodic training shall be imparted for conducting V-CIP.
        • Officials carrying out V-CIP must check for face liveliness, cross check that all the essential information such as latitude longitude, face match, etc have been captured, that there is no attempted manipulation or suspicious conduct, that entire V-CIP has been completed in a single session and that there is no prompting of the customer by any third person
        • The official must remain alert at all times and in case any prompting or manipulation is observed during the V-CIP session, the identification shall be rejected and account opening shall not be allowed.
        • In case of disruption, whether due to technical reasons or due to any disruption at either customer or official end, the process shall be repeated afresh. If pause or disruption is not leading to the creation of multiple files, then there a fresh session shall not be initaited. However, in case of call drop / disconnection, fresh session shall be initiated.
        • A clear and readable image of the customer’s original PAN card must be captured except when the customer has provided e-PAN instead of PAN. Note that printed copy of any electronic OVD including e-PAN is not a valid OVD.
        • Official must match the live face of the customer with the photo as per OVD.
        • Official shall ask questions as he/ she may deem fit to establish identity of the customer beyond reasonable doubt and the sequence of these questions shall be varied from case to case or from time to time
        • Official must cross check the identity against the KYC details as available through offline Aadhaar verification or C-KYCR or OVD; in case of offline Aadhaar verification, the xml or QR code must not be more than three days old.
        • V-CIP record shall be concurrently audited by an authorized official of MyLoanCare, other than the one conducting the V-CIP before proceeding with opening the loan account/ processing the transaction.

        Consult sanctions lists/ FATF statements of known or suspected terrorists

        • MyLoanCare shall ensure that, in terms of Section 51A of the Unlawful Activities (Prevention) (UAPA) Act, 1967 and amendments thereto, MyLoanCare does not have any account in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC) and whose names appears in the sanctions lists circulated by Reserve Bank of India.
        • MyLoanCare shall ensure the aforesaid, verifying the name of person or entity through the website of the concerned entity or through the service provider, who provide the said service of third party verification, in compliance applicable provisions/guideline of Reserve Bank of India, the Prevention of Money Laundering Act and rules made thereunder in this regard. Details of accounts/ customers bearing resemblance with any of the individuals/ entities in the list, shall be treated as suspicious and reported to the FIU-IND, apart from advising Ministry of Home Affairs as required under UAPA notification. The Credit Head, will be responsible to ensure that, the name of Borrower is not reflecting in the aforesaid list.
        • MyLoanCare will perform appropriate, specific and where necessary, EDD on its customers that is reasonably designed to know and verify the true identity of its customers and to detect and report instances of criminal activity, including money laundering or terrorist financing. The procedures, documentation, types of information obtained and levels of KYC due diligence to be performed will be based on the level of risk associated with the relationship (products, services, business processes, geographic locations) between MyLoanCare and the customer and the risk profile of the customer.

        Obligations under Weapons of Mass Destruction (WMD) and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 (WMD Act, 2005)

        • MyLoanCare shall ensure meticulous compliance with the “Procedure for Implementation of Section 12A of the Weapons of Mass Destruction (WMD) and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005” laid down in terms of Section 12A of the WMD Act, 2005 vide Order dated January 30, 2023, by the Ministry of Finance, Government of India.
        • MyLoanCare shall run a check at the time of establishing a relation with a customer and on a periodic basis to verify whether individuals and entities in the designated list are holding any funds, financial asset, etc., in the form of bank account, etc.
        • In case of match in the above cases, MyLoanCare shall immediately inform the transaction details with full particulars of the funds, financial assets or economic resources involved to the Central Nodal Officer (CNO). A copy of the communication shall be sent to State Nodal Officer, where the account / transaction is held and to the RBI. MyLoanCare shall file an STR with FIU-IND covering all transactions in the accounts, covered above, carried through or attempted
        • MyLoanCare refer to the designated list, as amended from time to time, available on the portal of FIU-India
        • MyLoanCare shall verify every day, the ‘UNSCR 1718 Sanctions List of Designated Individuals and Entities‘, as available at https://www.mea.gov.in/Implementation-of-UNSC-Sanctions-DPRK.htm, to take into account any modifications to the list in terms of additions, deletions or other changes and also ensure compliance with the ‘Implementation of Security Council Resolution on Democratic People’s Republic of Korea Order, 2017’, as amended from time to time by the Central Government.
        • In case an order to freeze assets under Section 12A is received by MyLoanCare from the CNO, MyLoanCare shall, without delay, take necessary action to comply with the Order.

        MONITORING OF TRANSACTIONS AND MAINTENANCE OF RECORDS OF TRANSACTIONS

        • It is essential for the Company to have a clear knowledge and understanding about the normal working pattern and activity of the customer so that the Company can identify all such unusual transactions which would fall outside the normal transactions of the customer.

          To achieve this purpose, ongoing monitoring is necessary. The extent of such monitoring will depend upon the level of risk involved in a particular account. Any transaction or activity of the customer which gives rise to suspicion will be given special attention. Such monitoring is important to keep a check on any act or omission of the customer which may amount to money laundering or support any act relating to use of finance for criminal activities.Ongoing monitoring is an essential element of effective KYC procedures. MyLoanCare can effectively control and reduce the risk only if it has an understanding of the normal and reasonable activity of the customer so that they have the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of the account. The different business divisions should pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible legitimate purpose. High-risk accounts have to be subjected to intensified monitoring

        MyLoanCare shall,

        • maintain all necessary records of transactions between MyLoanCare and the customer, both domestic and international, for at least five years from the date of transaction;
        • preserve the records pertaining to the identification of the customers and their addresses obtained while opening the account and during the course of business relationship, for at least five years after the business relationship is ended;
        • make available swiftly, the identification records and transaction data to the competent authorities upon request;
        • introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);
        • maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following:
          • i.the nature of the transactions;
          • ii.the amount of the transaction and the currency in which it was denominated;
          • iii.the date on which the transaction was conducted; and
          • iv.the parties to the transaction.
        • evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities;
        • maintain records of the identity and address of their customer, and records in respect of transactions referred to in PML Rule 3 in hard or soft format.

        SUSPICIOUS TRANSACTION REPORT (STR)

        • A suspicious transaction is one for which there are reasonable grounds to suspect that the transaction is related to a money laundering offence or a terrorist activity financing offence. A suspicious transaction can include one that was attempted. Throughout this guideline, any mention of a “transaction” includes one that is either completed or attempted.
        • “Reasonable grounds to suspect” is determined by what is reasonable in the circumstances, including normal business practices and systems within the industry.
        • There is no monetary threshold for making a report on a suspicious transaction. A suspicious transaction may involve several factors that may on their own seem insignificant, but together may raise suspicion that the transaction is related to the commission or attempted commission of a money laundering offence, a terrorist activity financing offence, or both. The context in which the transaction occurs or is attempted is a significant factor in assessing suspicion.
        • An assessment of suspicion should be based on a reasonable evaluation of relevant factors, including the knowledge of the customer’s business, financial history, background and behaviour.

        An indicative list of suspicious transactions is as follows:

        • Any attempt to avoid reporting / record-keeping requirements / provides insufficient / suspicious information:
          • A customer who is reluctant to provide information needed for a mandatory report, to have the report filed or to proceed with a transaction after being informed that the report must be filed.
          • Any individual or group that coerces/induces or attempts to coerce/induce MyLoanCare employee from not filing any report or any other forms.
          • An account where there are several cash transactions below a specified threshold level to avoid filing of reports that may be necessary in case of transactions above the threshold level, as the customer intentionally splits the transaction into smaller amounts for the purpose of avoiding the threshold limit.
        • Certain Employees of MyLoanCare arousing suspicion:
          • An employee whose lavish lifestyle cannot be supported by his or her salary.
          • Negligence of employees / willful blindness is reported repeatedly.
        • Some examples of suspicious activities/transactions to be monitored by the operating staff:
          • Multiple accounts under the same name
          • Customer unreasonably refuses to furnish details of source of funds by which initial contribution is made, sources of funds are doubtful etc;
          • There are reasonable doubts over the real beneficiary of the loan.
          • Frequent requests for change of address.

        Responsibility:

        The Principal Officer in co-ordination with the Credit Operations Team should review the STR Reports and finalize the transactions to be reported as STR. The Principal Officer is responsible for reporting the same to FIU-IND. The following activities will be undertaken in the process of reporting suspicious transactions:

        • Monitoring of large value and exceptional / unusual transactions in customer’s accounts with the Company
        • Escalation of suspicious transactions to respective business heads / product heads
        • Filing Cash Transaction Report (CTR) with the FIU by 15th of subsequent month
        • Filing Suspicious Transaction Report (STR) with FIU by 15th of subsequent month from date of establishing of suspicious transaction as per the FIU format in both electronic and manual form
        • Scrutinizing sample of customer data against UNSCR and other negative lists as issued by NHB / other Regulatory / Statutory entities from time-to-time and escalating the same to Business Heads.
      • CASH TRANSACTION REPORTS (CTR)

        Company does not encourage dealing with any customer in cash in normal course except when such a request is specifically made by the customer citing valid reason or when doing so is deemed absolutely necessary. All cash collections made from customers, are to be deposited in the Company’s bank account within two working days and credited to the respective customer’s loan account.

        All individual cash transactions in an account during a calendar month, where either debits or credit summation, computed separately, exceeding Rupees Ten Lakhs or its equivalent in foreign currency, during the month should be reported to FIU-IND. However, while filing CTR, details of individual cash transactions below Rupees Fifty Thousand may not be indicated. The Principal Officer should ensure submission of CTR for every month to FIU-IND before 15th of the succeeding month. CTR should contain only the transactions carried out by the Company on behalf of their clients/customers excluding transactions between the internal accounts of the Company.

      • COUNTERFEIT CURRENCY REPORT (CCR)

        Company does not encourage dealing with any customer in cash in normal course except when such a request is specifically made by the customer citing valid reason or when doing so is deemed absolutely necessary.

        A separate Counterfeit Currency Report should be filed for each incident of detection of Counterfeit Indian currency. If the detected counterfeit currency notes can be segregated on the basis of tendering person, a separate CCR should be filed for each such incident. These transactions should be reported to Director, Financial Intelligence Unit, India by not later than the 15th of the succeeding month from the date of occurrence of such transactions. In the event any fake or counterfeit note is detected by Company staff, despite taking all precautions; then it must be noted in a cash register separately. Reporting of the case with full details like name of customer, amount, denomination, date - must be reported to Compliance Officer. Compliance Officer shall collate all the data and report to NHB / RBI under PMLA, as mentioned above.

      • MONITORING & REPORTING OF TRANSACTIONS
        • MyloanCare will keep a continuous vigil, if any of the following acts or events is noticed in relation to the customer's approach or behaviour while dealing with the Company:
        • Reluctance of the customer to provide confirmation regarding his identity
        • Loan money is used for the purpose other than the one mentioned in the sanction letter form and the real purpose is not disclosed to MyloanCare
        • Customer forecloses the loan prior to the stated maturity from suspect sources of funds
        • Customer suddenly pays a substantial amount towards partial repayment of the loan from suspect sources of funds
        • Customer defaults regularly and then pays substantial cash at periodical intervals i.e. once in six months.
        • MyloanCare shall pay special attention to all complex, high-risk, unusually large transactions and all unusual or suspicious patterns which have no apparent economic or visible lawful purpose.
        • MyLoanCare may prescribe threshold limits for a particular category of accounts and pay close attention to the transactions that exceed the prescribed threshold limits. Such transactions shall be reported to the Risk Department and the Principal Officer appointed as per this policy.
        • Very high account turnover inconsistent with the size of the balance maintained may indicate that funds are being ‘washed’ through that account. MyLoanCare shall ensure that proper record of all transactions and cash transactions (deposits and withdrawals) of Rs.10 lakhs and above in the accounts is preserved and maintained as required under the PMLA.
        • MyLoanCare shall introduce a system of maintaining proper record of the following transactions:
          • All cash transactions of the value of more than rupees Ten lakhs to its equivalent in foreign currency;
          • All series of cash transactions integrally connected to each other which have been valued below rupees Ten lakhs or its equivalent in foreign currency where such series of transactions have taken place within a month and the aggregate value of such transactions exceeds rupees Ten lakhs;
          • All transactions involving receipts by non-profit organizations of rupees ten lakhs or its equivalent in foreign currency;
          • All suspicious transactions, where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of valuable security or a document has taken place facilitating the transactions;
          • All suspicious transactions whether or not made in cash and by way of as mentioned in the Rules.

        Reporting requirement under Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS)

        • Process of Reporting under FATCA (Foreign Account Tax Compliance Act) and CRS (Common Reporting Standard) is as follows:
        • Identifying a Reporting Financial Institution (RFI)
        • Reviewing the Financial accounts of RFI
        • Identifying the Reportable Accounts by applying due diligence rules
        • Report the relevant information in respect of identified Reportable Accounts in Form 61B
      • MyLoanCare shall take following steps for complying with the reporting requirements:
        • Register on the related e-filling portal of Income Tax Department as Reporting Financial Institutions at the link https://incometaxindiaefiling.gov.in/ post login --> My Account --> Register as Reporting Financial Institution,
        • Submit online reports by using the digital signature of the ‘Designated Director’ by either uploading the Form 61B or ‘NIL’ report, for which, the schema prepared by Central Board of Direct Taxes (CBDT) shall be referred to.
      • MyLoanCare shall maintain Information Technology (IT) framework for carrying out due diligence procedure and for recording and maintaining the same, develop a system of audit for the IT framework and compliance with Rules 114F, 114G and 114H of Income Tax Rules and Constitute a “High Level Monitoring Committee” under the Designated Director or any other equivalent functionary to ensure compliance.
    • MyLoanCare shall ensure that it continues to maintain proper record of all cash transactions (deposits and withdrawals) of Rs. 10 lakhs and above. The internal monitoring system shall have an inbuilt procedure for reporting of such transactions and those of suspicious nature whether made in cash or otherwise, to controlling / head office on a fortnightly basis.
    • The records shall be preserved in the following manner:
      • The nature of transactions
      • The amount of the transaction and the currency in which it was denominated
      • The date on which the transaction was conducted
      • The parties to the transaction
    • Ordinarily, all dealings shall be only through normal banking channels and dealing in cash with any customer in any amount is to be avoided and MyLoanCare or its employee/ official shall deal with any customer in cash only if requested by the customer and found to be absolutely necessary solely for the purpose of collection of due / overdue amounts. Any amounts collected from the customer in cash shall be deposited in MyLoanCare’s bank account and shall be duly reflected in the customer’s loan account with MyLoanCare within one business day of being collected. No cash dealings of any other nature with the customers shall be permitted.
    • REPORTING TO FINANCIAL INTELLIGENCE UNIT - INDIA

      The Principal Officer will report information relating to cash and suspicious transactions if detected, to the Director, Financial Intelligence Unit-India (FIU-IND) as advised in terms of the PMLA rules, in the prescribed formats as designed and circulated by RBI at the following address:
      Director, FIU-IND,
      Financial Intelligence Unit, India,
      6th Floor, Hotel Samrat,
      Chanakyapuri,
      New Delhi - 110021

      Where the Principal Officer has reason to believe that a single transaction or series of transactions integrally connected to each other have been valued below the prescribed value to so to defeat the provisions of PMLA rules, such officer shall furnish information in respect of such transactions to the Director, FIU-IND, within the prescribed time.

      A copy of all information furnished shall be retained by the Principal Officer for the purposes of official record.

      The information in respect of the transactions referred to in clauses D 4, D 5 and D 6 referred above in this section will be submitted to the Director - FIU every month by the 15th day of the succeeding month.

    • The information in respect of the transactions referred to in clause IV referred above will be furnished promptly to the Director - FIU in writing, or by fax or by electronic mail not later than seven working days from the date of occurrence of such transaction.
    • The information in respect of the transactions referred to in clause V referred above will be furnished promptly by the Director - FIU in writing, or by fax or by electronic mail not later than seven working days on being satisfied that transaction is suspicious.
    • Strict confidentiality will be maintained by the Company and its employees of the fact of furnishing / reporting details of such suspicious transactions.
    • As advised by the FIU-IND, New Delhi; the Company will not be required to submit 'NIL' reports in case there are no Cash / Suspicious Transactions, during a particular period.
    • The required information will be furnished by the Company directly to the FIU-IND, through the designated Principal Officer.
    • High risk accounts shall be subjected to intensified monitoring. The Company shall set key indicators for such high risk accounts, taking note of the background of the customer, which will include country of origin, source of funds, the type of transactions involved (like accounts having unusual transactions, inconsistent turnover, etc) and other risk factors. Additionally, the Company shall put in place a system of periodical review of risk categorization of accounts and the need for applying enhanced due diligence measures basis the revised risk categories.

      • In addition to the Ordinary Monitoring Standards, any high-risk accounts should also receive the following monitoring:

      • Conduct periodic (at least quarterly) reviews of all medium to high-risk accounts
      • Create additional reports designed to monitor all transactions in an account to detect patterns of potential illegal activities
      • Follow up on any expectations detected from the monitoring reports by contacting the account owner personally to inquire about the unusual activity detected and regularly report status of account inquiries to Principal Officer.
    • POLICY IMPLEMENTATION GUIDELINES
      • For effective implementation of KYC policy there has to be proper co-ordination, communication and understanding amongst all the functions of the Company. The Board of Directors shall ensure that an effective KYC program is put in place by establishing proper procedures and ensuring their effective implementation. Heads of all the Departments will ensure that the respective responsibilities in relation to KYC policy are properly understood, given proper attention and appreciated and discharged with utmost care and attention by all the employees of the Company.
      • The Risk department of the Company will carry out quarterly checks to find out as to whether all features of KYC policy are being followed and adhered to by all the Departments concerned. The Risk Department shall sign off on the KYC documents for corporate entities, before every disbursement.
      • The Company shall also mandatorily include KYC adherence in its internal audit scope every quarter. For co-lending partners, the Company shall carry out sample quarterly KYC sample audit by independent audit firms to assess adherence with the KYC norms.
      • Company will take steps to ensure that its internal auditors are made well versed with this policy that will carry out regular checks about the compliance of KYC procedures by all the branches of the Company. Any lapse or short coming observed by the internal auditors will be brought to the notice of Department Heads concerned. There will be quarterly assessment to check the compliance level by a committee to be constituted by the Board.
      • The Company will conduct at regular intervals training programmes to impart training to its staff members regarding KYC procedures to ensure consistent and highest degree of compliance level. A record of these training sessions may be maintained including date of training, topic of training and list of attendees.
      • The inadequacy or absence of KYC standards can subject the Company to serious risks especially reputational, operational, legal and concentration risks.
      • Reputational risk is defined as the risk of loss of confidence in the integrity of the institution, that adverse publicity regarding the Company's business practices and associations, whether accurate or not causes.
      • Operational risk can be defined as the risk of direct and indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.
      • Legal risk is the possibility that law suits, adverse judgments or contracts that turn out to be unenforceable can disrupt or adversely affect the operations or condition of the Company.
      • Concentration risk although mostly applicable on the assets side of the balance sheet, may affect the liability as it is also closely associated with funding risk, particularly the risk of early and sudden withdrawal of funds by large depositors, with potentially damaging consequences for the liquidity of the Company.
      • All these risks are interrelated. Any one of them can result in significant financial cost to the Company and diverts considerable management time and energy to resolving problems that arise.
      • Customer education

        For implementing KYC policy, the Company shall have to seek personal and financial information from the new and intended customers at the time they apply for availing the loan facilities. It is likely that any such information, if asked from the intended customer, may be objected to or questioned by the customers. To effectively address such situations, it is necessary that the customers are educated and appraised about the sanctity and objectives of KYC procedures so that the customers do not feel hesitant or have any reservation while passing on the information to the Company. For this purpose, all the staff members with whom the customers will have their first interaction / dealing will be provided training to answer any query or questions of the customers and satisfy them while seeking certain information in furtherance of KYC Policy. To educate the customers and win their confidence in this regard, a copy of the updated version of KYC policy shall be available at the Company’s website and the employees of the Company shall encourage customers to check the policy on the Company’s website.

      • Threat from adoption of new technologies

        As part of the KYC and AML Policy, special attention should be paid to any money laundering threats that may arise from new or developing technologies including on-line transactions that might favour anonymity and adequate measures, if needed, should be taken to prevent their use in money laundering schemes. The Principal Officer should ensure to submit CTR for every month to FIU-IND within the prescribed time schedule.

      • KYC policy for existing customers

        Although this KYC Policy will apply and govern all the new and prospective customers; some of the KYC procedures laid down in this policy particularly which deal with Customer Identification, Monitoring of Transactions and Risk Management need to be effectively applied to the existing customers and their loan accounts. While applying such KYC procedures to the existing loan accounts if any unusual pattern is noticed, the same should be brought to the notice of the Department Heads concerned and the Principal Officer appointed by the Company as per RBI directives.

        In case any existing customer does not co-operate in providing the information required as per KYC policy or conducts himself in such manner which gives rise to suspicion about his identity or credentials, such matters will be brought to the notice of Principal Officer who in turn will make necessary inquiries and if required shall forward the name of such customers to the authorities concerned for appropriate action. Besides above, in such situation the Company, for reasons to be recorded, may recall the loan granted to such customers and take recourse to legal remedy against the customers as well as security furnished by such customers.

    • APPOINTMENT OF PRINCIPAL OFFICER

      To ensure effective implementation of this KYC Policy and a proper co-ordination and communication between the Company and RBI and other enforcement agencies, the Company shall designate a senior official Principal Officer who will operate from the corporate office of the Company. The job of the Principal Officer will be to maintain an effective communication and liaison with RBI and other enforcement agencies which are involved in the fight against money laundering and combating financing of terrorism, and to take appropriate steps in all such matters which are brought to the notice of the Principal Officer by any department of the Company regard to any suspicious acts or omissions or acts of noncompliance on the part of any customers.

      The name of the Principal Officer so designated, his designation and address including changes from time to time, may please be advised to the Director, FIU-IND and the same shall also be prominently displayed on the company’s website.

      Principal Officer shall be located at the Head / Corporate office of the Company at Gurgaon.

      In addition, one of the Directors of MyLoanCare, other than the Principal Officer, shall be nominated by the Board of MyLoanCare to ensure overall compliance with the obligations under Chapter IV of the PML Act and the rules therein. The name of the Designated Director, his designation, address and contact details including changes from time to time, shall be communicated to the RBI.

      Details of Designated Director and Principal Officerf as updated from time to time are available on https://www.myloancare.in/corporate-disclosures/

    • MAINTENANCE AND PRESERVATION OF RECORDS

      MyLoanCare shall maintain proper records of the transactions as required under the provisions of PML Act and Rules. MAFIL shall:

      • Records of all transactions referred to in clause (a) of Sub-section (1) of section 12 read with Rule 3 of the PML Rules [referred to in Para 5. Supra] are required to be maintained for a period of ten years from the date of transactions between the Clients and the Company.
      • Records of the identity of all clients of the Company are required to be maintained for a period of ten years from the date of cessation of transactions between the Clients and the Company.
      • maintain all necessary records of transactions between MyLoanCare and the customer, both domestic and international, for at least five years from the date of transaction or any other higher periods specified in any other law
      • preserve the records pertaining to the identification of the customers and their addresses obtained while opening the account and during the course of business relationship, for at least five years after the business relationship isended.
      • introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005)
      • maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following:
        • (i) the nature of the transactions;
        • (ii) the amount of the transaction and the currency in which it was denominated;
        • (iii) the date on which the transaction was conducted; and
        • (iv) the parties to the transaction.
      • MyLoancare have a system for proper maintenance and preservation of information in a manner (in hard and/or soft copies) that allows data to be retrieved easily and quickly whenever required or as/ when requested by the competent authorities.

      MyLoancare will ensure that the appropriate steps are taken to evolve a system for proper maintenance and preservation of information in a manner in soft copy that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities.

    • Periodic Review of this Policy

      • The Board of Directors shall review and amend this Policy and the risk categorization parameters forming the part of said policy; in the event of any update/ changes pursuant to amendments in RBI’s KYC master direction, or any business requirements subject to applicable regulations and the Policy shall be reviewed at least annually.

    • Change Control Sheet:
      • Document version Reviewed by Approved by Approval Date
      1.4 Anju M. Juneja Board of Directors 19-05-2023
      1.3 Aikta Dube Board of Directors 16-01-2023
      1.2 Aikta Dube Board of Directors 07-09-2022
      1.1 Aikta Dube Board of Directors 28-02-2022
      1.0 Gaurav Gupta Board of Directors 18-11-2021

      Annexure 1

      Customer Due Diligence (CDD) Requirements, Acceptable OVD and Process for Verification

      MyLoanCare must obtain, through physical copy/ c-KYC process/ Digilocker / other physical or digital mode

      1. PAN or e-PAN,

        2. AND

      2. Any one of:
        1. Proof of possession of Aadhaar number with offline verification, OR
        2. The KYC Identifier with an explicit consent to download KYC records from CKYCR

        3. AND

      3. In case the customers’ current address is different from address as per proof of possession of Aadhaar number, any one of the following OVD:
        1. Passport,
        2. Driving license,
        3. Voter id card,
        4. NREGA job card,
        5. NPR letter

        AND

      4. Proof of having a bank account with a scheduled commercial bank in India

        5. AND

      5. For loan amount greater than Rs. 60,000 in a financial year, proof of employment or income, which may be:
        1. Salary slip not more than one month old, OR
        2. Proof of credit in EPFO account not more than 90 days old, OR
        3. Proof of salary credit with employer name visible in bank statement not more than one month old, OR
        4. Form 16 issued by employer, not more than 1 year old, OR
        5. Any other document such as valid identity card/ appointment letter/ employment certificate issued by the employer, OR
        6. Rent agreement or credit of rent in bank account, OR
        7. Algorithm based imputed income from customer’s bureau record
        8. Any other document confirming income and its source
      6. For programs where employment check is mandated as per product policy, proof of employment or income, which may be:
        1. Salary slip not more than one month old, OR
        2. Proof of credit in EPFO account not more than 90 days old, OR
        3. Proof of salary credit with employer name visible in bank statement not more than one month old, OR
        4. Form 16 issued by employer, not more than 1 year old, OR
        5. Any other document such as valid identity card/ appointment letter/ employment certificate issued by the employer, OR
        6. Access to official email id, OR
        7. Any other document confirming income and its source

      It is clarified that, while permitted to do so, as a matter of policy, MyLoanCare currently does not accept Digital KYC (as defined in Chapter 1, Section 3 viii. of the RBI Mater Directions) or Aadhaar OTP based e-KYC (in non face-to-face mode) for purpose of Customer Due Diligence.



      Validation process:

      Proof of Identification (POI) Proof of address (POA) Validation process Validity
      PAN Yes No With NSDL data; original card to be verified, read, stored, data matched and face matched during CIP (e-PAN printout copy or PAN photocopy not valid for CIP). 180 days
      Proof of possession of Aadhaar number Yes For either permanent or current address proof Through offline Aadhaar verification (o-KYC) or Digilocker or e-KYC along with verification trail Gap between Aadhaar verification and CIP must not exceed 3 days
      OVD other than proof of possession of Aadhaar number Yes For current address proof together with valid OVD as permanent address proof Against government data or using AI based utility to check for fraud or positive verification through dispatch of letter/ physical customer premise verification 10 years
      Bank account No No Penny drop and/ or successful e-NACH set up and/ or successful online latest bank statement pull over internet banking/ account aggregator. In such cases, requirement for physical cancelled cheque copy or physical bank statement/ passbook may be dispensed with. 30 days

      Aadhaar card/ number, if and when obtained, shall always be obtained and stored in redated (masked) form only. No biometric information of the customer shall either be sought or stored as part of the KYC process or otherwise.

      In case the current address of the customer is different from the address as per the proof submitted, the same shall be recorded as alternate address and the customer shall submit any one of the following documents (or equivalent e-documents) as proof of the same:

      • Any OVD, OR
      • Utility bill (electricity, fixed line telephone/ broadband, post-paid mobile phone, piped gas, water bill) which should not be more than two months old, OR
      • Property or municipal tax receipt not more than one year old, OR
      • Letter of allotment of accommodation from reputed employers including central/ state government, public sector undertaking, companies listed on recognized stock exchanges, banks, financial institutions, statutory/ regulatory bodies

      provided that when the proof submitted is other than an OVD, the customer shall undertake to submit an OVD as proof within three months.

      The proof of alternate address may be either in the name of the customer or any immediate family member of the customer with proof of relationship.

      In case of change of name on marriage, the OVD in pre marriage name shall be accepted alongwith a copy of the marriage certificate.

      CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR)

      MyLoanCare shall capture customer’s KYC records and upload onto CKYCR within 10 days of commencement of an account-based relationship with the customer.

      MyLoanCare shall adhere to Operational Guidelines for uploading the KYC data have been released by CERSAI.

      MyLoanCare shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as per the KYC templates prepared for ‘Individuals’ and ‘Legal Entities’ (LEs), as the case may be. The templates may be revised from time to time, as may be required and released by CERSAI

      MyLoanCare shall upload KYC records pertaining to accounts of LEs opened on or after April 1, 2021, with CKYCR in terms of the provisions of the Rules ibid. The KYC records have to be uploaded as per the LE Template released by CERSAI

      MyLoanCare shall ensure that during periodic updation, the customers are migrated to the current CDD standard.

      Annexure II: Process for Change of Mobile numbers

      1. Customer may raise a request for change of mobile number with customer care.

      2. On receipt of change request, customer would need to verify the new mobile number with system generated OTP.

      3. On verification of OTP, the new mobile number would be recorded as primary contact number.

      4. Change history would be captured and stored in the system.

      5. Facility for change of mobile number as per above process may also be made available in web or app interface over secure login.

      Effective Date- 19th May 2023