Anti-Money Laundering Policy (India)

1. Introduction and Regulatory Framework

NomercyX ("Company") is committed to preventing money laundering, terrorist financing, and other financial crimes in compliance with Indian laws and regulations. This Anti-Money Laundering (AML) Policy is designed to ensure full compliance with the regulatory framework governing financial services in India.

1.1 Applicable Laws and Regulations

• Prevention of Money Laundering Act, 2002 (PMLA) and Rules 2005
• Foreign Exchange Management Act, 1999 (FEMA) and regulations
• Reserve Bank of India (RBI) Master Directions and Circulars
• Unlawful Activities (Prevention) Act, 1967 (UAPA)
• Information Technology Act, 2000 and amendments
• Securities and Exchange Board of India (SEBI) regulations
• Financial Intelligence Unit - India (FIU-IND) guidelines
• Ministry of Home Affairs (MHA) notifications on terrorist organizations

1.2 Regulatory Authorities

• Financial Intelligence Unit - India (FIU-IND): Central agency for receiving, processing, analyzing and disseminating information relating to suspect financial transactions
• Reserve Bank of India (RBI): Central banking authority regulating financial institutions
• Enforcement Directorate (ED): Law enforcement agency investigating financial crimes
• Central Board of Direct Taxes (CBDT): Tax administration authority
• Directorate of Revenue Intelligence (DRI): Intelligence agency for customs and indirect taxes
• Securities and Exchange Board of India (SEBI): Capital markets regulator (proposed multi-regulator framework for crypto)

1.3 2024-2025 Regulatory Updates

2. Customer Due Diligence (CDD) - India Specific

2.1 Customer Identification Programme (CIP)

In accordance with PMLA Rules 2005, we implement a comprehensive Customer Identification Programme for all Indian residents and entities:

Individual Customers (Indian Residents)

• Aadhaar Card: Unique Identification Number (mandatory for Indian residents)
• PAN Card: Permanent Account Number (mandatory for transactions above ₹50,000)
• Passport: Valid Indian passport with current address
• Voter ID Card: Election Commission of India issued ID
• Driving License: Valid driving license issued by RTO
• Bank Account Statement: From scheduled commercial bank (last 3 months)
• Utility Bills: Electricity, gas, telephone, or water bill (not older than 3 months)
• Form 60/61: For customers without PAN (as per Income Tax Rules)

Corporate Customers (Indian Entities)

• Certificate of Incorporation: From Registrar of Companies (ROC)
• Memorandum and Articles of Association
• PAN Card: Corporate PAN issued by Income Tax Department
• GST Registration Certificate: Goods and Services Tax registration
• Board Resolution: Authorizing account opening and authorized signatories
• Form DIR-12: List of directors filed with MCA
• Beneficial Ownership Declaration: As per Companies Act, 2013
• Audited Financial Statements: Last 2 years (for established companies)
• Bank Account Details: Current account with scheduled commercial bank

2.2 Enhanced Due Diligence (EDD) - India

Enhanced Due Diligence is mandatory for:

• Politically Exposed Persons (PEPs): As defined by RBI guidelines including:
  • Current and former senior government officials
  • Senior political party officials
  • Senior executives of state-owned enterprises
  • Important judicial or military officials
  • Family members and close associates of PEPs
• Non-Resident Indians (NRIs): Additional FEMA compliance requirements
• High Net Worth Individuals: Annual income above ₹1 crore or net worth above ₹2 crore
• Cash-Intensive Businesses: Businesses dealing primarily in cash transactions
• Trusts and Foundations: Non-profit organizations and charitable trusts
• Correspondent Banking Relationships: Financial institutions

2.3 Ongoing Due Diligence

• Annual KYC review for all customers
• Periodic update of customer information (every 2 years for individuals, annually for corporates)
• Transaction monitoring against customer profile
• Regular screening against updated sanctions lists
• Source of funds verification for large transactions

3. Transaction Monitoring and Reporting Thresholds

3.1 Cash Transaction Report (CTR) - India

3.2 Suspicious Transaction Report (STR) - India

3.3 Cross Border Wire Transfer (CBWT) Report

• Threshold: ₹5 lakh or equivalent for cross-border wire transfers
• Reporting Timeline: Within 7 days to FIU-IND
• FEMA Compliance: Additional reporting to RBI for FEMA violations
• Documentation: Purpose code and supporting documents required

3.4 Counterfeit Currency Report (CCR)

• Immediate reporting of suspected counterfeit currency
• Reporting to local police and FIU-IND
• Preservation of evidence as per legal requirements

4. Sanctions and Prohibited Lists - India

4.1 Indian Sanctions Lists

• UAPA Schedule: List of terrorist organizations under Unlawful Activities (Prevention) Act
• MHA Notifications: Ministry of Home Affairs designated terrorist individuals and entities
• RBI Circulars: Entities subject to financial sanctions
• UN Security Council Lists: UN consolidated sanctions list
• FATF High-Risk Jurisdictions: Countries with strategic AML/CFT deficiencies

4.2 Screening Process

• Real-time screening during customer onboarding
• Daily batch screening against updated lists
• Transaction-level screening for all payments
• Immediate account freezing for positive matches
• Reporting to FIU-IND and law enforcement within 24 hours

4.3 High-Risk Countries and Jurisdictions

Enhanced due diligence for transactions involving:

• Countries identified by FATF as high-risk
• Jurisdictions with inadequate AML/CFT measures
• Countries subject to UN Security Council sanctions
• Nations with significant money laundering or terrorist financing risks

5. Suspicious Activity Indicators - India Context

5.1 Transaction-Based Indicators

• Transactions just below CTR reporting threshold (₹10 lakh)
• Multiple transactions in different branches/locations on same day
• Large cash deposits followed by immediate wire transfers
• Transactions inconsistent with customer's declared income/business
• Frequent transactions with high-risk jurisdictions
• Use of multiple accounts to fragment transactions
• Transactions involving recently opened accounts

5.2 Customer Behavior Indicators

• Reluctance to provide KYC documents or information
• Providing false or suspicious identification documents
• Unusual nervousness or evasive behavior
• Lack of knowledge about transaction purpose
• Requesting transactions to be processed urgently without valid reason
• Attempting to bribe or influence staff

5.3 India-Specific Red Flags

• Transactions involving hawala or informal money transfer systems
• Large cash transactions in border areas
• Transactions involving shell companies with minimal business activity
• Use of benami (proxy) accounts or transactions
• Transactions involving politically exposed persons without proper documentation
• Cryptocurrency transactions for tax evasion purposes
• Transactions involving unregulated financial schemes or ponzi schemes

6. Record Keeping Requirements - India

6.1 PMLA Record Keeping Requirements

As per PMLA Rules 2005, we maintain the following records:

• Customer Records: All KYC documents and customer information for 5 years after account closure
• Transaction Records: All transaction records for 5 years from the date of transaction
• Correspondence: All correspondence with customers for 5 years
• Account Files: Complete account opening and maintenance records
• Suspicious Transaction Reports: Copies of all STRs filed with FIU-IND
• Training Records: Employee training records and certifications

6.2 Additional Documentation

• Board resolutions and policy approvals
• Audit reports and compliance assessments
• Regulatory correspondence and inspection reports
• System logs and monitoring reports
• Third-party due diligence reports

6.3 Data Protection and Privacy

• Compliance with Information Technology Act, 2000
• Data localization requirements for Indian customer data
• Secure storage and transmission of sensitive information
• Access controls and audit trails for data access
• Regular data backup and disaster recovery procedures

7. Training and Awareness Program

7.1 Mandatory Training Requirements

• Initial Training: Comprehensive AML training for all new employees within 30 days
• Annual Refresher: Mandatory annual AML training for all staff
• Role-Specific Training: Specialized training for compliance, operations, and customer-facing staff
• Senior Management Training: Advanced AML training for senior management and board members
• Certification Requirements: AML certification from recognized institutions

7.2 Training Content - India Focus

• PMLA, FEMA, and other applicable Indian laws
• FIU-IND reporting requirements and procedures
• Indian sanctions lists and screening procedures
• Suspicious transaction identification and reporting
• Customer due diligence and KYC requirements
• Record keeping and documentation requirements
• Cryptocurrency-specific risks and controls
• Case studies and practical scenarios

7.3 Training Assessment and Documentation

• Written assessments and practical evaluations
• Minimum passing scores and remedial training
• Training attendance and completion records
• Regular updates based on regulatory changes
• External training and conference participation

8. Governance and Organizational Structure

8.1 Principal Officer (PMLA Compliance)

• Designation: Principal Officer as required under PMLA
• Responsibilities: Overall AML compliance and FIU-IND reporting
• Reporting: Direct reporting to Board of Directors
• Authority: Independent authority to implement AML measures
• Qualifications: Minimum qualifications as prescribed by regulations

8.2 AML Compliance Committee

• Board-level AML oversight committee
• Quarterly review of AML policies and procedures
• Review of suspicious transaction reports
• Assessment of AML program effectiveness
• Approval of policy changes and updates

8.3 Independent Audit and Review

• Annual independent AML audit by external auditors
• Internal audit function with AML expertise
• Regular compliance testing and monitoring
• Remediation of audit findings and recommendations
• Regulatory examination preparedness

9. Technology and System Controls

9.1 AML Technology Infrastructure

• Transaction Monitoring System: Real-time monitoring of all transactions
• Sanctions Screening: Automated screening against all relevant lists
• Customer Risk Rating: Dynamic risk assessment and scoring
• Case Management: Workflow management for investigations
• Regulatory Reporting: Automated report generation and filing
• Data Analytics: Advanced analytics for pattern detection

9.2 System Security and Controls

• Multi-factor authentication and access controls
• Encryption of sensitive data and communications
• Regular security assessments and penetration testing
• Audit trails and system logging
• Business continuity and disaster recovery plans
• Regular system updates and patch management

10. Enforcement and Penalties

10.1 Customer Sanctions

• Account Suspension: Temporary suspension pending investigation
• Account Termination: Permanent closure of customer relationship
• Fund Freezing: Freezing of funds pending regulatory clearance
• Regulatory Reporting: Filing of STR with FIU-IND
• Law Enforcement Referral: Referral to appropriate authorities
• Legal Action: Civil or criminal proceedings as applicable

10.2 Regulatory Penalties

Under Indian law, AML violations may result in:

• PMLA Penalties: Imprisonment up to 7 years and fine up to ₹5 lakh
• FEMA Penalties: Fine up to 3 times the sum involved in violation
• RBI Penalties: Monetary penalties and license revocation
• Asset Forfeiture: Attachment and confiscation of proceeds of crime
• Criminal Prosecution: Criminal charges under applicable laws

11. Contact Information and Reporting

11.1 Regulatory Authorities

• FIU-IND: fiuindia@nic.in | www.fiuindia.gov.in
• Reserve Bank of India: www.rbi.org.in
• Enforcement Directorate: www.enforcementdirectorate.gov.in
• Ministry of Home Affairs: www.mha.gov.in

11.2 Whistleblower Protection

We provide protection for employees and customers who report suspicious activities or AML violations in good faith. All reports are treated confidentially and investigated promptly. Retaliation against whistleblowers is strictly prohibited.