+91 7304447444
Products
KYC Policy
Policy & Anti Money Laundering Measures
1. RBI Circular on KYC
The master direction ‐ “Know Your Customer (KYC)” direction, 2016 was revised for all REs/ FIs vide by RBI vide Master Direction DBR.AML.BC.No.81/14.01.001/2015-16 dated February 25, 2016 (Updated as on January 04, 2024).
The objective of “Know Your Customer (KYC)” guidelines is to prevent any Financial Institution (FI) from being used, intentionally or unintentionally, by criminal elements for money laundering or terrorist financing activities. KYC procedure also enables FI to know/ understand their customer and their financial dealings better which in turn help them to manage their risk prudently.
2. Applicability of Circular
The Know Your Customer (KYC) and AML policy should be duly approved by the Board of Directors or any committee of the Board to which power has been delegated.
The provisions of this policy are in line with the Guidelines issued by RBI and shall apply (with updates and amendments) to IIFL HFL at all times.
3. Key Elements
KYC is an ongoing process which starts with the beginning of relationship and runs through the life cycle of our relationship with the borrower. KYC Policy includes below 4 key elements:
(a) Customer Acceptance Policy;
(b) Risk Management;
(c) Customer Identification Procedures (CIP); and
(d) Monitoring of Transactions
4. Money Laundering and Terrorist Financing Risk Assessment
IIFL HFL shall carry out ‘Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment’ exercise periodically to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions or delivery channels, etc.
The assessment process should consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied. While preparing the internal risk assessment, the Company shall take cognizance of the overall sector‐specific vulnerabilities, if any, that the regulator may share with the Company from time to time.
The risk assessment by IIFL HFL shall be properly documented and be proportionate to the nature, size, geographical presence, complexity of its activities/structure, etc. Further, the periodicity of risk assessment exercise shall be determined by the Board, in alignment with the outcome of the risk assessment exercise. However, it should be reviewed at least annually.
The outcome of the exercise shall be put up to the Board or any committee of the Board to which power in this regard has been delegated and should be available to competent authorities and self‐regulating bodies.
IIFL HFL shall apply a Risk Based Approach (RBA) and implement a CDD program to identify ML/TF risks , size of business for mitigation and management of the identified risk and should have Board approved policies, controls and procedures in this regard. Further, it shall monitor the implementation of the controls and enhance them if necessary.
In terms of PML Rules, groups are required to implement group-wide policies for the purpose of discharging obligations under the provisions of Chapter IV of the PML Act, 2002. Accordingly, every company which is part of a group, shall implement group-wide programs against money laundering and terror financing, including group-wide policies for sharing information required for the purposes of client due diligence and money laundering and terror finance risk management and such programs shall include adequate safeguards on the confidentiality and use of information exchanged, including safeguards to prevent tipping-off.
5. Compliance of the KYC Policy
• Senior Management or HOD of the respective departments are responsible for the purpose of KYC compliance, allocation of the responsibility of effective implementation of policies and procedures to their teams.
• IIFL HFL also ensures independent evaluation of the compliance function of the policies and procedures including legal and regulatory requirement.
• IIFL HFL has Concurrent/internal audit system to verify the compliance with KYC/AML policies and procedures.
• Submission of quarterly audit notes and compliance to the Audit Committee.
• IIFL HFL shall ensure that decision-making functions of determining compliance with KYC norms are not outsourced.
6. Customer Acceptance Policy
Below guidelines must be followed while appraisal a loan application:
(a) No loan to be sanctioned in anonymous or fictitious/benami name.
(b) No loan to be sanctioned where we are unable to collect proper KYC documents (as per policy) either due to non‐cooperation of the borrower or due to non‐reliability of the documents/information furnished by the borrower (FCU Fraud). The IIFL HFL shall consider filling a STR, if necessary, when it is unable to comply with the relevant CDD measures in relation to customer.
(c) No loan to be disbursed without following the CDD (Customer Due Diligence) procedure.
(d) The mandatory information to be sought for KYC purpose prior to disbursal of a loan and during the periodic updation (post disbursal), has been mentioned in this policy.
(e) Optional/ additional information to be obtained with the explicit consent of the customer after loan disbursal.
(f) CDD measures should be applied at CUID/ UCIC level. Thus, If an existing CKYC compliant customer of IIFL HFL desires to avail Top Up or another loan, there shall be no need for a fresh CDD exercise except for scenarios where address of borrower has changed and/ or in case of change in Risk Category (Dynamic Risk Category & Initial Risk Category in system shall be the same of the borrower).
(g) KYC documentation is mandatory for all borrowers, co‐borrower, Guarantor & POA Holder while disbursing a loan.
(h) Circumstances in which a borrower is permitted to act on behalf of another person/ entity, is allowed as per defined guidelines in this policy.
(i) Credit to ensure that the identity of the borrower does not match with any person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India from time to time.
(j) Where a Permanent Account Number (PAN) is obtained, same shall be verified from NSDL.
(k) Where GST details are available, The GST number shall be verified from the search/verification facility of issuing authority (GST portal)
Note: a) It is important to bear in mind that the adoption of Customer Acceptance Policy and its implementation should not result in denial of IIFL HFL's services to general public, especially to those, who are financially or socially disadvantaged.
Joint approval from “Compliance Head” + “Policy Head” to be obtained in case of any such exceptional scenarios.
b) Where IIFL HFL forms a suspicion of money laundering or terrorist financing, and it reasonably believes that performing the CDD process will tip-off the customer, it shall not pursue the CDD process, and instead file an STR with FIU-IND.
7. Risk Management
Risk Based Approach: For Risk management, IIFL HFL have a risk-based approach which included the following:
• Th borrower shall be categorized as a low, medium and high risk category based on parameters defined in this policy.
• The customers/Borrower(s), basis their profile, identity, social/ financial status, nature of business activity, and information about the borrower’s business & their location etc., are categorized under 3 types of Risk. While considering customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in.
• The risk categorization of a customer and the specific reasons for such categorization shall be kept confidential and shall not be revealed to the customer to avoid tipping off the customers.
(i) Low Risk: Individuals (other than High Net Worth) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile may be categorized as low risk. Illustrative examples of low-risk customers could be salaried employees whose salary structures are well defined, people belonging to lower economic strata of the society whose accounts show small balances and low turnover, Government Departments & Government owned companies, regulators and statutory bodies, etc.
(ii) Medium Risk: Customers that are likely to pose a higher than average risk to the HFC may be categorized as medium or high risk depending on customer's background, nature and location of activity, country of origin, sources of funds and his client profile, Non resident Indian, etc.
(iii) High Risk: Examples of customers requiring higher due diligence may include:
• Companies having close family shareholding or beneficial ownership (BO)
• Politically exposed persons (PEPs),
• Marketing firms, especially accounts of Multi‐level Marketing (MLM) Companies
• Customers with Suspicious Transactions.
• Those with dubious reputation as per available information.
• Customers from FATF high risk jurisdictions and increased monitoring jurisdictions
• Risk Categorization is reviewed on a monthly basis which is based on system validations logics on the different parameters. In our system, every loan is categorized at the time of origination as well as post disbursal as below:
(i) Static Risk: Risk category is fixed at the time of inception of loan.
(ii) Dynamic Risk: Post loan disbursal, the risk category of borrower changes basis the DPD and AML Checks.
8. Detailed categorization norms have been defined in the underwriting policy of IIFL HFL..
*Beneficial Owner –
(a) Where the customer is a company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have a controlling ownership interest or who exercise control through other means.
Explanation ‐ For the purpose of this sub‐clause:‐
(i) "Controlling ownership interest" means ownership of/entitlement to more than 10% of the shares or capital or profits of the company.
(ii) "Control" shall include the right to appoint a majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or voting agreements.
(b) Where the customer is a partnership firm, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have “ownership of” or “entitlement to” more than 10% of capital or profits of the partnership.
(c) Where the customer is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have ownership off entitlement to more than 15% of the property or capital or profits of the unincorporated association or body of individuals.
Explanation‐ Term 'body of individuals' includes societies. Where nobody natural person is identified under (a), (b) or (c) above, the beneficial owner is the relevant natural person who holds the position of senior managing official.
(d) Where the customer is a Trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with 10% or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership.
9. Customer Identification Procedure (CIP) & Customer Due Diligence (CDD)
Customer Identification means undertaking client due diligence (CDD) measures while commencing relationship including identifying and verifying the customer on the basis of one of the Officially Valid Documents.
CDD means identifying and verifying the customer and the beneficial owner using reliable and independent sources of identification.
Further Explanation - The CDD, at the time of commencement of an account-based relationship or while carrying out occasional transaction of an amount equal to or exceeding rupees fifty thousand, whether conducted as a single transaction or several transactions that appear to be connected, shall include:
(a) Identification of the customer, verification of their identity using reliable and independent sources of identification, obtaining information on the purpose and intended nature of the business relationship, where applicable;
(b) Taking reasonable steps to understand the nature of the customer's business, and its ownership and control;
(c) Determining whether a customer is acting on behalf of a beneficial owner and identifying the beneficial owner and taking all steps to verify the identity of the beneficial owner, using reliable and independent sources of identification.
• Below are mandatory to be documented:
(i) Identity proof
(ii) Address proof
(iii) One recent photograph
For the purpose of verifying the identity of customers at the time of commencement of an account-based relationship, IIFL HFL, may rely on customer due diligence done by a third party, subject to the following conditions:
(a) Records or the information of the customer due diligence carried out by the third party is obtained immediately from the third party or from the Central KYC Records Registry.
(b) Adequate steps are taken by IIFL HFLs to satisfy themselves that copies of identification data and other relevant documentation relating to the customer due diligence requirements shall be made available from the third party upon request without delay.
(c) The third party is regulated, supervised or monitored for, and has measures in place for, compliance with customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
(d) The third party shall not be based in a country or jurisdiction assessed as high risk.
(e) The ultimate responsibility for customer due diligence and undertaking enhanced due diligence measures, as applicable, will be with the IIFL HFL.
10. Procedure for obtaining identification/ Customer Due Diligence (CDD) Procedure:
For Individuals: For undertaking CDD, IIFL HFL shall obtain the following from individual while establishing account-based relationship or while dealing with the individual who is beneficial owner, authorised signatory or power of attorney holder related to any legal entity:
(a) the Aadhaar number:
i. Where borrower is desirous of receiving any benefit or subsidy under any scheme like CLSS etc.; or
ii. he decides to submit his Aadhaar number voluntarily
Note: Note: A borrower may submit only the “proof of possession of Aadhaar number” s.t. any other OVD containing the details of his identity and address has been submitted.
The KYC identifier with an explicit consent to download records from CKYCR
(b) the Permanent Account Number or Form No. 60 if PAN is not available; and
(c) such other documents including in respect of the nature of business and financial status of the customer.
Points to be noted:
Where the customer has submitted,
i) Aadhaar number under (a) above, then IIFL HFL shall carry out authentication of the customer’s Aadhaar number using e‐KYC authentication facility provided by the UIDAI. Further, in such a case, if customer wants to provide a correspondence address, different from the address as per Aadhaar, then he must give a self‐declaration to that effect to IIFL HFL.
ii) any OVD or proof of possession of Aadhaar number where offline verification cannot be carried out, then IIFL HFL shall carry out verification as specified under Digital KYC process.
Customer due diligence procedure is performed by IIFL HFL employees.
11. Verification through digital KYC as specified under process of Digital KYC
Officially Valid Document (OVD): IIFL HFL obtain any one of below OVD s.t PAN & Aadhar norms as specified :
| For Individuals ‐ OVD (Officially Valid Documents) | ||||
|---|---|---|---|---|
| ID Proof | Address Proof (copy of any one) | |||
| Passport | Passport | |||
| PAN Card | Proof of possession of Aadhaar number | |||
| Voter’s ID Card | Voter’s ID Card | |||
| Driving License | Driving License | |||
| Note: | ||||
| (i) Self attestation & OSV is mandatory on above documents. | ||||
| (ii) PAN Card/ Form 60 is mandatory. | ||||
| (iii) In absence of PAN (in special scenarios as mentioned above in policy document), any of above mentioned alternate documents under ID proof can be accepted. Form 60 is mandatory in such cases. | ||||
| (iv) Above mentioned OVD (Address Proof) can be accepted for Permanent Address also. Details of "Permanent Address" must be captured in system and FI of correspondence address and permanent address to be done. | ||||
12. Non Individual:
Below documents are required as Business Proof for Non‐Individuals:
| Non Individuals ‐ Business Existence Proof | |||||
|---|---|---|---|---|---|
| Proprietorship Concern | Registered Partnership Firm | Registered Trust | Legal Entity (Company) | Unregistered Partnership Firm or Unregistered Trust (Unincorporated Association)/ Body of Individuals | Other Juridical persons not specifically covered in the earlier part, Societies/ Universities and local bodies |
| Any 2 of below mentioned documents | All below docs are mandatory: | ||||
| Registration Certificate including Udyam registration certificate | Registration Certificate | Registration Certificate | Certificate of incorporation | Resolution of the managing body of body of Association/ Individuals | Resolution & Byelaws of the concerned body |
| NA | List of all the partners. | List of all the Beneficiaries, trustees, Settlor, protector, if any and author of Trust | List of Senior management persons of company | List of all the partners/trustees/members. | NA |
| Certificate/license issued by the municipal authorities under Shop and Establishment Act | Partnership Deed (must be registered) | Trust Deed (must be registered) | Memorandum and Articles of Association | PAN or Form No.60 of the unincorporated association or a body of individuals | PAN or Form No.60 of the unincorporated association or a body of individuals |
| NA | Address proof of Registered office and principal place of business, If it is different. | Address proof of Registered office & List of trustees, Registered document of Trustee being act on behalf of trust. | Address proof of Registered office and principal place of business, If it is different. | Address proof of Registered office and principal place of business, If it is different. | NA |
| GST Return and Income Tax returns | PAN of the Partnership Firm | PAN or Form 60 of the Trust | PAN of the company | Unregistered Partnership/ Trust Deed/ any other document to establish legal existence of such an Association or Body of Individuals | Incorporation Proof &/or Establishment Deed |
| CST/VAT/CST certificate (provisional/ final) | One copy of an OVD containing details of identity and address, one recent photograph and PAN or Form 60 of the partners who are authorized to transact on behalf of the Firm. | One copy of an OVD containing details of identity and address, one recent photograph and PAN or Form 60 of the Trustees who are authorized to transact on behalf of the Trust. | A resolution from the Board of Directors and power of attorney granted to its managers, officers or employees to transact on its behalf; | Power of attorney/ Authority Letter granted to transact on its behalf; | Power of attorney/ Authority Letter granted to transact on its behalf; |
| Certificate/ registration document issued by Sales Tax/Service Tax/ Professional Tax authorities. | One copy of an OVD containing details of identity and address, one recent photograph and PAN or Form 60 of the Directors who are authorized to transact on behalf of the company. | One copy of an OVD containing details of identity and address, one recent photograph and PAN or Form 60 of the Partners/ Trustee etc., as the case may be, holding an attorney to transact on its behalf | One copy of an OVD containing details of identity and address, one recent photo and PAN or Form 60 of the Partners/ Trustee etc., as the case may be, holding an attorney to transact on its behalf | ||
| IEC (Importer Exporter Code) issued to the proprietary concern by the office of DCFT/License/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute. | |||||
| Complete Income Tax Return (not just the acknowledgement) in the name of the sole proprietor where the firm's income is reflected, duly authenticated/acknowledged by the Income Tax authorities. | |||||
| Utility bills such as electricity, water, and landline telephone bills. | |||||
| Note: Udhyam Aadhar is mandatory for MSME loans | |||||
| Note : In case of Proprietorship, if only one of the above mentioned documents have been submitted instead of two documents, then Udhyam Aadhaar is mandatory along with positive office Contact point verification (CPV) & business confirmation (to be done physically) | |||||
| Note: Self-attestation and OSV is mandatory on all the above documents | |||||
| Note : Unregistered trusts/partnership firms shall be included under the term 'unincorporated association' and the term 'body of individuals, includes societies. | |||||
13. Record Management
The following steps shall be taken regarding maintenance, preservation and reporting of customer information, with reference to provisions of PML Act and Rules. IIFL HFL shall,
(a) Maintain all necessary records of transactions between the IIFL HFL and the customer, both domestic and international, for at least five years from the date of transaction;
(b) Preserve the records pertaining to the identification of the customers and their addresses obtained while opening the account and during the course of business relationship, for at least five years after the business relationship is ended;
(c) Make available swiftly, the identification records and transaction data to the competent authorities upon request;
(d) Introduce a system of maintaining proper record of transactions prescribed under Rule 3 of Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);
(e) Maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following:
(i) the nature of the transactions;
(ii) the amount of the transaction and the currency in which it was denominated;
(iii) the date on which the transaction was conducted; and
(iv) the parties to the transaction.
(f) Evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities;
(g) Maintain records of the identity and address of their customer, and records in respect of transactions referred to in Rule 3 in hard or soft format.
Explanation. – For the purpose of this Section, the expressions "records pertaining to the identification", “identification records”, etc., shall include updated records of the identification data, account files, business correspondence and results of any analysis undertaken.
14. Reporting Requirements to Financial Intelligence Unit - India
IIFL HFL shall furnish to the Director, Financial Intelligence Unit-India (FIU-IND), information referred to in Rule 3 of the PML (Maintenance of Records) Rules, 2005 in terms of Rule 7 thereof.
The reporting formats and comprehensive reporting format guide, prescribed/released by FIU-IND and Report Generation Utility and Report Validation Utility developed to assist reporting entities in the preparation of prescribed reports shall be taken note of to file CTR/STR.
While furnishing information to the Director, FIU-IND, delay of each day in not reporting a transaction or delay of each day in rectifying a mis-represented transaction beyond the time limit as specified in the Rule shall be constituted as a separate violation. IIFL HFL shall not put any restriction on operations in the accounts where an STR has been filed. IIFL HFL shall keep the fact of furnishing of STR strictly confidential. It shall be ensured that there is no tipping off to the customer at any level.
15. Requirements/ obligations under International Agreements
A. Communication from international Agencies
(i) IIFL HFL shall ensure adherence to provisions and ongoing screening of Unlawful Activities (Prevention) (UAPA) Act, 1967 or Weapons of mass destruction act, 2005, United Nations Security Council (UNSC, UNSCRs circulated by the Reserve Bank, Schedules to the Prevention and Suppression of Terrorism (Implementation of Security Council Resolutions) Order, 2007 and amendments thereto, wherever applicable.
(ii) IIFL HFL will take measures to ensure that there is no account/relationship opened in the name of individuals/entities appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC) from time to time.
B B. Freezing of Assets under Section 51A of Unlawful Activities (Prevention) Act, 1967 - IIFL HFL shall follow the relevant procedure laid down in the UAPA Order dated February 2, 2021, wherever applicable.
Order to freeze assets under section 12A of WMD Act, 2005 is received from the CNO, IIFL HFL shall take necessary to comply with the order.
IIFL HFL shall undertake countermeasures when called upon to do so by any international or intergovernmental organisation of which India is a member and accepted by the Central Government.
C. FATF Statements circulated by Reserve Bank of India from time to time, and publicly available information, for identifying countries, which do not or insufficiently apply the FATF Recommendations, shall be considered. IIFL HFL shall apply enhanced due diligence measures, which are effective and proportionate to the risks, to business relationships and transactions with natural and legal persons (including financial institutions) from countries for which this is called for by the FATF.
16. Secrecy Obligations and Sharing of Information
(a) IIFL HFL maintained secrecy regarding the customer information which arises out of the contractual relationship between the IIFL HFL and customer.
(b) Information collected from customers for the purpose of opening of account shall be treated as confidential and details thereof shall not be divulged for the purpose of cross selling, or for any other purpose without the express permission of the customer.
(c) While considering the requests for data/information from Government and other agencies, IIFL HFL shall satisfy themselves that the information being sought is not of such a nature as will violate the provisions of the laws relating to secrecy in the transactions.
(d) The exceptions to the said rule shall be as under:
i. Where disclosure is under compulsion of law
ii. Where there is a duty to the public to disclose,
iii. The interest of IIFL HFL requires disclosure and
iv. Where the disclosure is made with the express or implied consent of the customer.
17. CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR)
IIFL HFL shall capture the KYC information for sharing with the CKYCR in the manner mentioned in the Rules, as required by the revised KYC templates prepared for 'individuals' and 'Legal Entities' as the case may be.
Government of India has authorised the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), to act as, and to perform the functions of the CKYCR vide Gazette Notification No. S.O. 3183(E) dated November 26, 2015. The ‘live run’ of the CKYCR would start with effect from July 15, 2016 in phased manner beginning with new ‘individual accounts’. Accordingly, IIFL HFL shall take the following steps:
(i) IIFL HFL shall upload the KYC data pertaining to all new individual accounts opened on or after from April 1, 2017 with CERSAI in terms of the provisions of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.
(ii) IIFL HFL shall capture customer’s KYC records and upload onto CKYCR within 10 days of commencement of an account-based relationship with the customer.
(iii) Operational Guidelines for uploading the KYC data have been released by CERSAI.
(iv) IIFL HFL has to ensure that during periodic updation, the customers are migrated to the current CDD standard.
(v) Where a customer, for the purposes of establishing an account-based relationship, submits a KYC Identifier to a IIFL HFL, with an explicit consent to download records from CKYCR, then IIFL HFL shall retrieve the KYC records online from the CKYCR using the KYC Identifier and the customer shall not be required to submit the same KYC records or information or any other additional identification documents or details, unless:-
(a) there is a change in the information of the customer as existing in the records of CKYCR;
(b) the correspondence address of the customer is required to be verified;
(c) the IIFL HFL considers it necessary in order to verify the identity or address of the customer, or to perform enhanced due diligence or to build an appropriate risk profile of the client.
(d) the validity period of documents downloaded from CKYCR has lapsed.
18. Reporting requirement under Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS)
Under FATCA and CRS, IIFL HFL shall adhere to the provisions of Income Tax Rule 114F,114G and 114H and determine whether they are a Reporting Financial Institution as defined in Income Tax Rule 114Fand if so, shall take applicable steps for complying with the reporting requirements as mentioned in Master Directions -KYC.
19. Issuance of Unique Customer identification Code (UCIC)
A Unique Customer Identification Code (UCIC) shall be allotted while entering into new relationships with individual customers as also the existing individual customers by IIFL HFL.
20. Introduction of New technologies
IIFL HFL shall identify and assess the ML/TF risks that may arise in relation to the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and preexisting products.
21. Quoting of PAN
Permanent account number (PAN) of customers shall be obtained and verified while undertaking transactions as per the provisions of Income Tax Rule 114B applicable to banks, as amended from time to time. Form 60 shall be obtained from persons who do not have PAN.
22. Selling Third Party Products
IIFL HFL acting as agents while selling third party products will comply with the applicable laws/regulations, wherever applicable.
23. Hiring of employees and Employee training
(a) Adequate screening mechanisms as an integral part of their personnel recruitment/hiring process should be put in place.
(b) On-going employee training program shall be put in place so that the members of staff are adequately trained in KYC/AML/CFT policy. Proper staffing of the audit function with persons adequately trained and well-versed in KYC/AML/CFT policies of the IIFL HFL, regulation and related issues shall be ensured.
24. Digital signature/KYC Identifier/ Designated directors/Principal officer/OVD:
As per clause (p) of subsection (1) of section (2) of the Information Technology Act, 2000 (21 of 2000) “Digital Signature” means authentication of any electronic record by a subscriber by means of an electronic method.
“KYC Identifier”: means the unique number or code assigned to a customer by the Central KYC Records Registry.
“Principal officer”: Company to nominate an officer at management level, who shall be responsible for furnishing information as per rule 8 of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005. The Principal Officer shall be responsible for ensuring compliance, monitoring transactions, and sharing and reporting information as required under the law/regulations. The name, designation, contact details and address of the Principal Officer shall be communicated to the FIU-IND and RBI.
“Designated Director” means a person designated by the IIFL HFL to ensure overall compliance with the obligations imposed under Chapter IV of the PML Act and the Rules and shall be nominated by the Board. The Name, Designation and address of designated director shall be communicated to the FIU-IND and RBI.
“Officially Valid Document” (OVD) means the passport, the driving licence, proof of possession of Aadhaar number, the Voter's Identity Card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register containing details of name and address.
25. Digital KYC Process
“Digital KYC” means the capturing live photo of the customer and officially valid document or the proof of possession of Aadhaar, where offline verification cannot be carried out, along with the latitude and longitude of the location where such live photo is being taken by an authorized officer of the FI as per the provisions contained in the Act.
Digital KYC Process
A. IIFL HFL shall develop an application for digital KYC process which shall be made available at customer touch points for undertaking KYC of their customers and the KYC process shall be undertaken only through this authenticated application of IIFL HFL.
B. The access of the Application shall be controlled by IIFL HFL and it should be ensured that the same is not used by unauthorized persons. The Application shall be accessed only through login‐id and password or Live OTP or Time OTP controlled mechanism given by IIFL to its authorized officials.
C. The customer, for the purpose of KYC, shall visit the location of the authorized official of IIFL HFL or vice‐versa. The original OVD (ID & Address proof document) shall be in the possession of the customer.
D. IIFL HFL must ensure that the Live photograph of the customer is taken by the authorized officer and the same photograph is embedded in the Customer Application Form (CAF). Further, the system Application of IIFL HFL shall put a water‐mark in readable form having CAF number, GPS coordinates, authorized official’s name, unique employee Code (assigned by REs) and Date (DD:MM:YYYY) and time stamp(HH:MM:SS) on the captured live photograph of the customer.
E. The Application of IIFL HFL shall have the feature that only live photograph of the customer is captured and no printed or video‐graphed photograph of the customer is captured. The background behind the customer while capturing live photograph should be of white colour and no other person shall come into the frame while capturing the live photograph of the customer.
F. Similarly, the live photograph of the original OVD or proof of possession of Aadhaar where offline verification cannot be carried out (placed horizontally), shall be captured vertically from above and watermarking in readable form as mentioned above shall be done. No skew or tilt in the mobile device shall be there while capturing the live photograph of the original documents.
G. The live photograph of the customer and his original documents shall be captured in proper light so that they are clearly readable and identifiable.
H. Thereafter, all the entries in the CAF shall be filled as per the documents and information furnished by the customer. In those documents where Quick Response (QR) code is available, such details can be auto‐populated by scanning the QR code instead of manual filing the details. For example, in case of physical Aadhaar/e‐Aadhaar downloaded from UIDAI where QR code is available, the details like name, gender, date of birth and address can be auto‐populated by scanning the QR available on Aadhaar/e‐Aadhaar.
I. Once the above mentioned process is completed, a One Time Password (OTP) message containing the text that ‘Please verify the details filled in form before sharing OTP’ shall be sent to customer’s own mobile number. Upon successful validation of the OTP, it will be treated as customer signature on CAF. However, if the customer does not have his/her own mobile number, then mobile number of his/her family/relatives/known persons may be used for this purpose and be clearly mentioned in CAF. In any case, the mobile number of authorized officer registered with IIFL HFL shall not be used for customer signature. IIFL HFL must check that the mobile number used in customer signature shall not be the mobile number of the authorized officer.
J. The authorized officer shall provide a declaration about the capturing of the live photograph of customer and the original document. For this purpose, the authorized official shall be verified with One Time Password (OTP) which will be sent to his mobile number registered with IIFL HFL. Upon successful OTP validation, it shall be treated as authorized officer’s signature on the declaration. The live photograph of the authorized official shall also be captured in this authorized officer’s declaration.
K. Subsequent to all these activities, the Application shall give information about the completion of the process and submission of activation request to activation officer of IIFL HFL, and also generate the transaction‐id/reference‐id number of the process. The authorized officer shall intimate the details regarding transaction‐id/reference‐id number to customer for future reference.
L. The authorized officer of IIFL HFL shall check and verify that:‐ (i) information available in the picture of document matches the information entered by authorized officer in CAF. (ii) live photograph of the customer matches with the photo available in the document.; and (iii) all of the necessary details in CAF including mandatory field are filled properly.;
M. On Successful verification, the CAF shall be digitally signed by authorized officer of IIFL HFL who will take a print of CAF, get signatures/thumb‐impression of customer at appropriate place, then scan and upload the same in system. Original hard copy may be returned to the customer.
