BITFIRST CAPITAL ADVISORS PRIVATE LIMITED (hereinafter referred to as "Company", "We", "Us", "Our") which term shall refer to and include its owners, directors, investors, employees or other related parties) is a company incorporated under the laws of India, with registered address at Flat No. 4, Onkar Complex 3rd Floor, Sr No 248/2 D. P. Rd Baner, Baner Gaon, Pune, Haveli, Maharashtra, India, 411045 and its business is licensed and compliant with applicable laws and regulations in India.

The Company provides the Services (as defined hereinafter) to Customers (as defined hereinafter) in India via its platform (titled 'Bitfirst') located at www.bitfirstcapital.com (the "Platform"). The Company acknowledges and accepts that it qualifies as a VDA service provider ("VDA SP") and constitutes a "reporting entity" (RE) for the purpose of the Prevention of Money Laundering Act, 2002 in light of such Services.

The Government of India set up the Financial Intelligence Unit – India ("FIU-IND") as an independent body to oversee business operation of VDA SPs and report directly to the Economic Intelligence Council headed by the Finance Minister. FIU-IND has been established as the central national agency responsible for receiving, processing, analyzing, and disseminating information relating to suspicious financial transactions. FIU-IND is also responsible for coordinating and strengthening efforts of national and international intelligence and enforcement agencies in pursuing the global efforts against money laundering and related crimes. The Company is a registered VDA SP with the FIU-IND bearing registration number [*relevant details to be included herein upon registration].

The Company believes in total transparency and adherence to the law and discourages any illegal activities while using its Services. This Anti-Money Laundering ("AML") / Know Your Customer ("KYC") / Combating Financing of Terrorism (CFT) Policy (hereinafter collectively referred to as "Policy") is a testimony to the Company's commitments to counter risks of money laundering, financing of terrorism while offering Services to Customers (as defined herein after) in India.

The Policy describes the policy and procedures instituted by the Company to ensure that Services offered by the Company are not used facilitate commission of any criminal offences, including but not limited to those provided under the Prevention of Money Laundering Act, 2002 ("PML Act") and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 ("PML Rules") framed thereunder, the AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets ("Guidelines") the Unlawful Activities Prevention Act, 1967 ("UAPA") and the Weapons of Mass Destruction and Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 ("WMDA").

Further, the objective of the Policy is to set out KYC/AML/CFT guidelines maintained by the Company to prevent the Services from being used, intentionally or unintentionally by criminal elements for money laundering activities. The guidelines broadly set out measures employed to determine the identity and beneficial ownership of accounts, source of funds, the nature of Customer's business, reasonableness of operations in the account in relation to the Customer's business, etc. Such measures collectively enable the Company to have comprehensive identification of its Customers which in turn helps the Company to manage its risks prudently.

It is advisable that all Customers read, review and understand this Policy and only thereafter, avail the Services offered by the Company.

The scope of this Policy includes all the following:

• To lay down explicit criteria for acceptance of Customers when dealing with virtual digital assets (VDAs) in any form and/or manner.
• To establish procedures to identify individuals/ non-individuals for opening of account and undertake transactions relating to virtual digital assets.
• To establish measures for identifying prospective risks pertaining to Suspicious Transactions (as defined hereinafter) relating to virtual digital assets.
• To establish processes and procedures to monitor high value transactions and/or transactions of suspicious nature in accounts.
• To develop measures for conducting due diligence in respect of Customers and reporting of such Suspicious Transactions.

To fulfil the scope, the following key elements have been incorporated into Our Policy:

• Know Your Customer (KYC): To ensure that the information collected from Customer(s) for the opening of account with Us is confidential and not used for cross selling or any other purposes without their consent. In case of non-compliance of KYC requirements by the Customers despite repeated reminders, the Company would be entitled to impose 'partial freezing' on such KYC non-compliant accounts in a phased manner, after giving due notice of the same to the defaulting Customer.
• Customer Acceptance Policy: To ensure We do not accept any person who is barred by the law of the land as Customer. For this purpose, it shall inter-alia be ensured that a) no account is opened in anonymous or fictitious/ benami name; b) no account is opened for persons with criminal background and/ or having connections with terrorist organization(s); c) no account is opened for persons who are identified as 'money mules'; d) no transaction or account-based relationship is undertaken without following the Customer due diligence procedure, etc (as provided herein).
• Risk Classification: To classify Customers into risk levels, i.e. Low, Medium and High for employing anti-money laundering measures.
• Customer Identification Procedures: To identify Customer and verifying identity by using reliable, independent source documents, data or information as per regulatory prescriptions.
• Monitoring and Reporting of Transactions: To comprehensively monitor transaction in view of sensitivity of Customer accounts held with Us inter alia by tracking threshold limits prescribed for each category of accounts, breaches of threshold and Suspicious Transactions in keeping with applicable laws, as required for filing Suspicious Transaction Reports with the appropriate financial institution and/or FIU-IND.
• Risk Management: To establish suitable framework covering appropriate procedures and ensuring their effective implementation covering proper management oversight, systems and controls segregation of duties, training and other related matters.
• Employee Screening, Awareness and Training: To establish adequate screening mechanism as part of their hiring/ recruitment process. Employees shall have an on-going employee training program to ensure that staff are adequately trained in KYC procedures. Periodic review shall be conducted with regards to systems and procedures for employees' training.
• Record keeping and retention of records: To adhere to the prescriptions in the PML Act as regards maintenance of records, including under Section 12, which places certain obligations including a) maintaining a record of prescribed transactions; b) furnishing information of prescribed transactions to the specified authority; c) verifying and maintaining records of the identity of its clients; and d) preserving records in respect of points above for a period of at least 5 (five) years from the date of cessation of transactions with the clients.

Our KYC/AML/CFT program shall be subject to periodic audit specifically with regard to testing its adequacy to meet the compliance requirements. The audit may be conducted by experienced personnel, not involved in framing or implementing the KYC/AML/CFT program subject to the Policy. The report of such an audit shall be placed before the senior management of the Company for making suitable modifications/ improvements in the instant KYC/AML/CFT Policy.

For the purposes of the Policy, in addition to any words, expressions or terms expressly defined in the introduction and in the text herein, any references to the following terms, words and expressions, wherever used in the Policy, unless repugnant to the meaning or context thereof, shall have the following meanings:

The following norms and procedures shall be followed by the Company in relation to Customers who intend to register themselves with the Company for availing the Services:

• Customers shall be required to undergo a verification process during the activation process of their account by submitting their relevant OVD and such other details, as provided under Clause VI (Customer Identification Procedure) of this Policy;
• Customers can be required to furnish such other additional details as may be deemed necessary by the Company and/or its authorized Service Partner(s) to verify their identity, such as in a situation where Company and/or its authorized Service Partner(s) have reason to believe that the concerned person or entity is enlisted in the Sanctions List.
• Customers can be required to submit such additional information and/or data to Company and/or its authorized Service Partner(s) if so required for furnishing to an authorized government body or competent law enforcement or judicial authority.
• Customers shall be required to certify that their linked bank account is held only with a scheduled commercial bank compliant with all KYC procedures.
• The Company does not allow a Customer account to opened and/ or money to be disbursed in a name which is anonymous or fictitious or appears to be a name borrowed only for opening the account (i.e. Benami Account). The Company shall insist on sufficient proof about the identity of the Customer to ensure his physical and legal existence at the time of onboarding or accepting request for Services any Customer.
• Circumstances in which a Customer is permitted to act on behalf of another person/ entity are required to be clearly spelt out in conformity with the established law and practices (as there could be occasions when an account is operated by a mandate holder or where an account may be opened by intermediary in a fiduciary capacity).
• The Company shall not open any account or give/disburse any amount or close an existing account in the event the Company is unable to apply appropriate due diligence measures, including in the case of the following:
  • where the Company and/or its authorized Service Partner(s) is unable to verify the identity of the Customer;
  • where the Customer without any valid or convincing reasons refuses to provide documents to the Company and/or its authorized Service Partner(s) which are needed to determine the risk level in relation to the transaction intended to be undertaken by the Customer and his/her paying capacity;
  • where the information furnished by the Customer does not originate from the reliable sources or appears to be suspicious due to lack of supporting evidence;
  • where the identity of the Customer directly or indirectly matches with any individual having criminal profile and/or any prohibited/unlawful organizations, whether existing within the country or internationally, or if the Customer (or relative beneficiary of Customer) is found to be associated with or affiliated to any illegal, prohibited or unlawful or terrorist organization or individual as notified from time to time by Government of India or any of the State Governments in India, or any other competent national or international body/ organization.
• The Company shall, at the time of approving a financial transaction/ activity, or executing any transaction shall verify and/or require its Service Partner(s) to verify, the credentials of the Customer undertaking that transaction including but not limited to verification of identity, address, etc.

Subject to the above-mentioned norms and safeguards, the Company will endeavor to ensure that no harassment or inconvenience is faced by bona fide and genuine Customers while dealing with the Company.

The Company shall assess and categorize its Customers based on the risk perceived by the Company. The risk categorization would take place on case-to-case basis subject to extenuating factors including: the industry a certain Customer operates in, the geography in which the Customer operates, the quantum of money involved in the transaction, the shareholding pattern of the entity, etc.

• The profile of new Customers will be categorized as basis evaluation by the Company (and subject to the risk perceived by the Company). The Company and/or its authorized Service Partner(s) may seek relevant information for the purpose of such evaluation from Customers at the time of onboarding or at the time of initiation of transactions. Information which will obtained from Customers for preparation and evaluation of profile will include:
  • Information concerning Customers identity in accordance with the Clause VI of the Policy (Customer Identification Procedure); or
  • Social/ legal and financial status of the Customer; or
  • Nature of the business activity of the Customer; or
  • Information about the business of the Customer's clients and their locations.
• There will be level-wise categorization of Customers i.e. Level I, Level II and Level III which shall be decided based on risk element involved in each case (viz. Low Risk, Medium Risk and High Risk). Such categorization will be determined by considering the following information submitted by the Customer:
  • Nature of business of the Customer and the clients of Customer (where applicable)
  • Workplace of Customer and the clients of Customer (where applicable)
  • Country of Origin
  • Nature of transactions of Customer's business
  • Source of funds
  • Volume of business (six-monthly/annual turn-over)
  • Social/legal and financial status
  • Other information as may be required.
• Information to be collected from the Customers can vary according to categorization of Customer (from the point of view of risk perceived). However, while preparing Customer profile the Company shall seek only such information from the Customer which is necessary and relevant to the risk category (and is not intrusive to the Customer) and shall ensure that its authorized Service Partner(s) do the same. Any other information from the Customer would be sought separately with his/her consent and after Customer onboarding.
• Customers acknowledge that to maintain the integrity of the Risk Level Categorization envisaged herein, the Company and/or its Service Partners will store data related to risk categorization. The Company shall take appropriate measures and shall ensure that its Service Partners take appropriate measures to ensure such data shall be kept confidential and secure in keeping with applicable laws.
• The Customer shall not be entitled to seek disclosure regarding his/her risk categorization or the process employed by Company for the same. Customers acknowledge that the Company and/or its authorized Service Partner(s) may disclose the Customer's risk categorization data to the competent enforcement authority if is found that a particular Customer has executed or is likely to execute any Suspicious Transaction.
• For risk categorization, individuals and entities whose sources of wealth can be easily identified and transactions in whose accounts by and large confirm to the known profile, may be categorized as low risk or Level I category.
  Typical Level I Customers would be:

  • Salaried Employees
  • Government Owned Companies
  • Regulatory and Statutory bodies etc.

  For the above category, KYC requirements would be the proper identification and verification of proof of address. However, Customers acknowledge and accept that other requirements may be identified by the Company and/or its authorized Service Partner(s) on case-to-case basis subject to the applicable laws.

Cases where the Company is likely to incur higher than average risk will be categorized as medium or high-risk Customers and will be placed in medium or high-risk category i.e. Level II or Level III category. For this category, higher due diligence is required (which includes review of Customer's background, nature and location of activity, country of origin, source of funds and his/her client profile and such other requirements may be identified by the Company and/or its authorized Service Partner(s) on case-to-case basis subject to the applicable laws) in addition to proper identification.

Special care and diligence will be taken and exercised in respect of those Customers who happen to be high profile and/or Politically Exposed Persons (PEP) within or outside country. For the purpose of the Policy, the term 'PEP(s)' shall have the meaning assigned to it in the PML Rules.

It is clarified that PEPs shall include and comprise individuals who are or have been entrusted with prominent public functions in a foreign country (e.g., Heads of States or of Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc.). The Company and/or its authorized Service Partner(s) shall gather sufficient information on any person/Customer of this category intending to establish a relationship and check all the information available on the person in the public domain. The Company and/or its authorized Service Partner(s) shall also verify the identity of the person and seek information about the sources of funds before accepting any PEP as its Customer. The decision with respect to PEP onboarding will be taken by the Principal Officer. The Principal Officer may decline to open such account for any reason that such officer deems suitable, at its sole discretion.

It is further clarified that accounts of PEPs shall be subject to enhanced monitoring on an ongoing basis and such Customer is required to consent to such monitoring. In the event any existing Customer becomes a PEP at any point, approval of the Principal Officer shall be required for the continuous ongoing relationship of that Customer with the Company. [The above norms may also be applied to the accounts of the family members or close relatives of PEPs.]

• The Company and/or its authorized Service Partner(s) shall carry out enhanced due diligence (EDD) in keeping with applicable laws in the event where high risk of money laundering is discerned (consistent with the risks discerned). Typically, the following situations are covered under the situations where enhanced due diligence shall be required:
  • A Customer has provided false or stolen identification documentation or information; or
  • A transaction is complex and unusually large which is difficult to trace or there is an unusual pattern of transaction with no legal and economic purpose; or
  • A Customer has been identified as being high risk given previous reported instances, data and known circumstances, including historical events.
• The extent of enhanced due diligence requirement will vary from case to case as the same will depend upon risk perceived by the Company while providing Services to the Customers.

It is re-iterated that the Customer profile maintained by the Company will be kept confidential. Save and except for cases where disclosure is required by law, the Company shall not disclose the Customer profile or data until the Customer itself allows/consents to the same. The Company shall provide Customer with the option to consent to use and disclosure of the information given in Customer profile/form for the purpose of the Services or for availing other products/Services of other companies/entities belonging to the Company's group or any other legal entity with whom the Company is having any business tie-ups. However, while taking any such permission or consent of the Customer for using his/her above referred information provided to the Company, it will be ensured that such permission/consent of the Customer is unambiguous and explicit.

Customers acknowledge and accept that use of certain Customer data shall be mandatory for the purpose of enabling Services to be fulfilled by Company and/or its authorized Service Partner(s). If the Customer opts to not provide consent for such mandatory use of data, the Customer acknowledges and accepts that some or all of the Services may not be accessible or refused to the Customer as a result.

It is clarified that the purpose of adopting the above measures and norms while taking decisions on the issue of Customer acceptance is twofold. Broadly,

• These measures help ensure there is no lack of proper due diligence exercise due to lack of information which is in the exclusive possession of the Customers.
• These measures curb and prevent any such practice by the Customers which is aimed to achieve unlawful objectives or any other practice by which the financial institutions can be used to perpetuate any criminal or unlawful activities.

The Company and/or its authorized Service Partner(s) require sufficient information from each Customer as necessary to establish, to their satisfaction, the identity of each new Customer, and the purpose of the intended nature of relationship. It is re-iterated that the nature of information/ documents required can vary depend ending on the type of the Customer (individual, corporate etc.) and other extenuating factors on case-to-case basis. Further, information can be required by the Company and/or its authorized Service Partner(s) as necessary to satisfy the competent authorities that due diligence was observed based on the risk profile of the Customer when opening the account and/or permitting the Customer to undertake transactions through its designated account.

For Customers that comprise natural persons, the Company and/or its authorized Service Partner(s) require to obtain sufficient identification data to verify the identity of the Customer, his/her address/location, and also his/her recent photograph.

For Customers that are legal persons or entities, the Company and/or its authorized Service Partner(s) shall:

• Verify the legal status of the legal person/entity through proper and relevant documents;
• Verify that any person purporting to act on behalf of the legal person/entity;

Company shall ensure that records pertaining to the identification of the Customer and his/her address (e.g. copies of documents like passports, identity cards, driving licenses, PAN card, utility bills etc.) are obtained while opening the account with the Company and during the course of business relationship, are properly preserved for at least 5 (five) years after the business relationship is ended. The identification records and transaction data should be made available to the competent authorities upon request.

The Company and/or its authorized Service Partner(s) shall undertake identification of Customers in such cases as it deems necessary including but not limited to the following:

• commencement of an account-based relationship with the Customer.
• when there is a doubt about the authenticity or adequacy of the Customer identification data it has obtained.

For the purpose of verifying the identity of Customers at the time of commencement of an account-based relationship, the Company will, at its option, rely on Customer due diligence done either by itself and/or its authorized Service Partner(s), subject to the following conditions:

• Records or the information of the Customer due diligence carried out by the Service Partner will be periodically obtained from the third party or from the Central KYC Records Registry.
• Adequate steps will taken by the Company to satisfy itself that copies of identification data and other relevant documentation relating to the Customer due diligence requirements shall be made available from authorized Service Partner(s) upon request without delay.
• Adequate steps will taken by the Company to ensure concerned Service Partner(s) will be regulated, supervised or monitored and have measures in place for compliance with Customer due diligence and record-keeping requirements in line with the requirements and obligations under the PML Act.
• The relevant Service Partner(s) shall not be based in a country or jurisdiction assessed as high risk.
• The Company shall not outsource decision-making functions with any third party, including Service Partner(s).

It is acknowledged that the RBI has advised to make the KYC procedures mandatory while opening and operating the accounts. Further, that this is in the interest of Customers to keep safe their hard-earned money and their reputation. At the time of opening an account, the Company will take measures to ensure that the prospective Customer is the person who he/she claims to be.

It is re-iterated that the Company will not use the KYC records of any Customer for any purpose other than the verification of identity in accordance with the Policy. It is further re-iterated that the Company will not disclose or transfer such records to any third party without prior authorization of such Customer, or regulator designated under the PMLA (as the case may be). The information collected will not be used for any monetary purpose and shall be kept confidential. The information collected will be as non-intrusive as possible, and requests for any information that is not mandatory will be labelled as optional.

For this purpose, the indicative list of OVD and other documents/details which Customer must submit (according to his/her profile) is captured herein below in Annexure I.

The Company reserves the right to call for additional documents at any time for further verification at its discretion, based on Customer's profile and trading pattern.

While onboarding a Customer, the Company, shall go through the aforementioned documents and conduct Customer due diligence and, where applicable, to understand the ownership and control structure of the Customer (where Customer is other than an individual) so as to determine who are the natural persons that control the legal entity (i.e. the beneficial owner of the entity).

The procedure for determination of "beneficial owner" shall be carried out subject to the PML Act read with the PML Rules and ancillary Guidelines, which require that REs identify the beneficial owner and take all reasonable steps to verify his/her identity. For the purpose of the Policy, the term "beneficial owner" shall have the meaning assigned under the PML Act and shall refer to a natural person who ultimately owns or controls a client and/or the person on whose behalf the transaction is being conducted and includes a person who exercises ultimate effective control over a juridical person i.e. an entity.

The following procedure will be implemented for determination of beneficial ownership, as advised by the Government of India and in keeping with the PML Act, is as under:

• Where the Customer is a company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has a controlling ownership interest or who exercises control through other means.

  For the purpose of the above, the term "controlling ownership interest" refers to ownership of or entitlement to more than 10 (ten) per cent of shares or capital or profits of the company. Meanwhile, the term "control" refers to the right to appoint a majority of the directors or to control the management or policy decisions including by virtue of the beneficial owner's shareholding or management rights or shareholders agreements or voting agreements.

  The Company shall endeavor to examine the control structure of the entity, determine the source of funds and identify the natural persons who have a controlling interest and who comprise the management and where the Customer or the owner of the controlling interest is a company listed on a stock exchange, or is a subsidiary of such a company, it shall not be necessary to identify and verify the identity of any shareholder or beneficial owner of such companies.

• Where the Customer is a partnership firm, the beneficial owner is the natural person(s), who, whether acting along or together, or through one or more juridical person, has ownership of/entitlement to more than 10 (ten) per cent of capital or profits of the partnership or who exercises control through other means.
• Where the Customer is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has ownership of or entitlement to more than 15 (fifteen) per cent of the property or capital or profits of such association or body of individuals
• Where no natural person is identified under (a) or (b) or (c) above, the beneficial owner is the relevant natural person who holds the position of senior managing official; and
• Where the Customer is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with 10 (ten) per cent or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership.

There exists the possibility that trust/nominee or fiduciary accounts can be used to circumvent the Customer identification procedures. In such cases, Company shall endeavor to determine whether the Customer is acting on behalf of another person as trustee/nominee or any other intermediary. If so, Company shall insist on satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting, as also obtain details of the nature of the trust or other arrangements in place.

A Suspicious Transaction (as defined herein above) is one for which there are reasonable grounds to suspect that the transaction is related to a money laundering offence or a terrorist activity financing offence. A Suspicious Transaction can include a transaction that is either completed or attempted.

The Company will determine "reasonable grounds to suspect" a Suspicious Transaction will be determined subject to what is reasonable in the circumstances, including normal business practices and systems within the industry. It is pertinent to note that there is no monetary threshold for making a report on a Suspicious Transaction. A Suspicious Transaction may involve several factors that may on their own seem insignificant but together may raise suspicion that the transaction is related to the commission or attempted commission of a money laundering offence, a terrorist activity financing offence, or both. The context in which the transaction occurs or is attempted is a significant factor in assessing suspicion. An assessment of suspicion shall be based on a reasonable evaluation of relevant factors, including the knowledge of the Customer's business, financial history, background and behavior. Strict confidentiality will be maintained by the Company and its employees in relation to furnishing/ reporting details of such Suspicious Transactions.

The Principal Officer shall be responsible for reporting a Suspicious Transaction to relevant appropriate authorities such as the FIU-IND in circumstances where Company believes that it would no longer be satisfied that it knows the true identity of the account holder or intended nature of the transaction in keeping with the timelines and procedures stipulated in the PML Rules.

The Company reserves the right to close the account of KYC non-compliant Customers after issuing due notice to the Customer explaining the reasons for taking such a decision. While it is absolutely necessary for the Company as well as Customers to comply with the measures prescribed for KYC/AML/CFT purposes under the applicable laws, as far as possible, Company will seek to ensure that drastic measures like closing of accounts are taken only after sending out sufficient and discernible warning to the Customers, which may vary based on the level of Customer education and public awareness on the subject.

In all such cases, however, where the Customer account holders are not responding over a period of time/ not found at the given address, Company may take such action as deemed necessary to comply with KYC/ AML/ CFT guidelines without denying basic transactional facilities.

Before taking the extreme step of closing an account basis the non-compliance with the KYC/ AML/ CFT requirements, as an initial measure, the Company shall place such accounts under close watch. The Company shall be entitled to deprive non-compliant Customers certain additional facilities or Services, as deemed necessary, till the Customer complies with such requirements. This exercise, however, shall not extend beyond a period of [1 (one) month]. If the Customer, despite such measures, shows unwillingness to comply with KYC/ AML/ CFT requirements stipulated by the Company, Company would be free to proceed further and close the accounts after giving due notice to him/her.

In case of non-compliance of KYC requirements by the Customers despite repeated reminders by Company, Company shall impose partial freezing on such KYC non-compliant accounts in a phased manner. The Company shall, however, allow account holders to revive accounts by submitting the deficit KYC documents as per instructions in force. While imposing partial freezing, Company shall ensure that the option of partial freezing is exercised after giving due notice of [1 (one) month] initially to the Customers to comply with KYC requirements and followed by a reminder for further period of [1 (one) month]. Thereafter, Company shall impose partial freezing by allowing all credits and disallowing all debits, with the freedom to close the accounts.

If the accounts continue to remain KYC non-compliant even after [2 (two) months] of imposing initial partial freezing, the Company will be entitled to disallow all withdrawals and deposits from/to the accounts, rendering them inoperative. Further, it would always be open to the Company to close the account of such Customers after issuing due notice to the Customer explaining the reasons for taking such a decision. In the circumstances when the Company believes that it would no longer be satisfied about the true identity of the account holder, the Company shall file a Suspicious Transaction Report (STR) with relevant authorities in the manner provided in the Policy and prescribed under the PML Act read with the PML Rules and shall ensure strict confidentiality is maintained concerning the same.

It is essential for the Company to have a clear knowledge and understanding about the normal working pattern and activity of the Customer so that the Company can identify all such unusual transactions which would fall outside the normal transactions of the Customer.

To achieve this purpose, ongoing monitoring of the transactions and Customers is necessary. For the purposes of monitoring and verifying transactions carried out by Customers during the period of their active registration/relationship with the Company, the Company may engage various third-party entities or tools for various purposes including (but not limited to) wallet screening and transaction monitoring.

The extent of such monitoring and/or screening shall depend upon the level of risk involved in a particular account/ transaction. Any transaction or activity of the Customer which gives rise to suspicion will be given special attention. Such monitoring and screening is important to keep a check on any act or omission of the Customer which may amount to money laundering or support any act relating to use of finance for criminal activities.

In accordance with the abovementioned purpose, the Company will comprehensively monitor all the transactions going through the Platform (including through Company systems or intermediary service providers) where at least one wallet (originator or beneficiary) is hosted by the Company on its systems. Company will initiate a process of additional and enhanced due diligence for which it may seek the following documentation from such Customers:

• a declaration form from Customers to affirm that all virtual digital assets and all funds used by such Customer are sourced through legitimate channels, and which contain other details in relation to the Customer;
• bank statements for such Customers;
• a certificate from a chartered accountant, with details in relation to the financial soundness of the Customer and the Customer's compliance with the PMLA; and
• documents for the physical verification of identity and address for such Customer.

All necessary transactional reports including STRs shall be filed electronically or as per the norms stipulated by FIU-IND from time to time.

The Company shall carry out a review of risk categorization of Customers periodically. During such review, the risk assigned to an existing Customer may undergo change depending on the change in risk parameters of the Customer. Wherever there is suspicion at Company level that a Customer is above low risk, the Company shall carry out Customer due diligence in the manner mentioned herein.

During monitoring of transactions, the Company shall arrive at a conclusion whether the transaction is suspicious or not, based on objective parameters for enhanced due diligence. Some of the objective parameters for enhanced due diligence could be:

• Customer locations.
• Social/ Financial Status.
• Nature of business.
• Purpose of transaction.
• Source of funds.

The Company shall pay close attention to the transactions that exceed the prescribed threshold limits and other specified transactions as per applicable laws. Keeping this in view, the Company shall pay particular attention to the transactions which exceed the prescribed limits, either per transaction or credit and debit summation in a single month and seek to identify transactions that involve large amounts of monies inconsistent with the normal and expected activity of the Customer or very high account turnover inconsistent with the size of the balance maintained (which may indicate that funds are being 'washed' through that account) etc. In such cases, the Company shall keep a close and careful watch on the subsequent mode of payments adopted by such Customer. Such transactions shall be reported to the Principal Officer appointed as per this Policy in accordance with the PML Act read with ancillary rules and regulations. Further, Company shall ensure that proper record of all relevant transactions is preserved and maintained as required under the PML Act (and ancillary rules and regulations). The information which shall be preserved as part of the records shall include information regarding:

• The nature of transactions;
• The amount of the transaction and the currency in which it was denominated;
• The date on which the transaction was conducted; and
• The parties to the transaction

The Company shall employ a comprehensive transaction monitoring process from a KYC/AML perspective. The Company shall implement strong transaction alerts which will provide proactive signals on Suspicious Transactions and possible money laundering. The Company's AML monitoring team shall endeavor to update the list based on the current understanding of the market scenario and trading patterns followed by Customers.

Further, a regular report of the number of alerts received, reviewed, pending and escalated would be maintained by the Company.

An Internal Audit team shall be constituted to undertake the responsibility for independent oversight of the compliance with these requirements. A qualified Chartered Accountant shall be appointed to the team, who together with other team members, will establish a mechanism to verify on regular basis, compliance with policies, procedures and controls outlined herein. The Company shall require the team to report on, inter-alia, the robustness of the internal polices and processes implemented by the Company and make constructive suggestions where necessary, to strengthen the policy and implementation aspects thereof.

In case any irregularity is observed, or any Suspicious Transaction is identified, Principal Officer shall escalate/ report to concerned authorities. A system of periodical updating of Customer identification data (including photographs) after the account is opened shall be introduced. Company would need to continue to carry out on-going due diligence with respect to the business relationship with every Customer and closely examine the transactions to ensure that they are consistent with their knowledge of the client, his/her business and risk profile and, wherever necessary, the source of funds.

To ensure complete and satisfactory compliance, the Company shall inter-alia adhere to and require concerned Service Partner(s) to adhere to the following:

• Full KYC exercise will be required to be done at least every [1 (one) year(s)] (or such other period as the Company may notify) for all Customers belonging to high, medium, and low risk categories respectively.
• Physical presence of the Customer may, however, not be insisted upon at the time of such periodic updation.
• Fresh photographs will be required to be obtained from minor Customer on becoming major.
• Fresh documents need not be furnished if an existing KYC compliant Customer of the Company desires to open another account.
• Necessary checks shall be applied before opening a new account to ensure that the identity of the Customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations, etc.
• The process of confirming and updating identity and address, and the extent of additional KYC information collected shall be an ongoing process.
• The Company shall ensure the KYC/AML/CFT Policy is reviewed at least once every year and as and when necessary, changes are incorporated.

Monitoring of source of funds

The Company will endeavor to identify the Source of Funds (SOF) of its Customers to fight against money laundering and terrorism financing subject to the Policy. An SOF inquiry conducted by the Company as per the AML Policy may typically involve the following measures and considerations:

• The Company will conduct SOF inquiries in alignment with a Customer's risk profile. A greater degree of scrutiny is applied to higher risk Customers.
• The Company could collect documentary evidence to support the SOF enquiry and also seek to obtain an explanation from the Customer.
• The Company could also scrutinize Customer bank statements to support the SOF enquiry.
• The Company documents every step of the SOF process in order to inform subsequent law enforcement investigation.

Monitoring of Source of Wealth

The Company, in addition to monitoring the SOF will endeavor to identify the Source of Wealth (SOW) of its Customers to combat money laundering and terrorism financing. An SOW inquiry conducted by the Company as per the AML Policy may typically involve the following measures and considerations:

• The Company will conduct SOW inquiries in alignment with a Customer's risk profile. A greater degree of scrutiny is applied to higher risk Customers.
• The Company could collect documentary evidence to support the SOW enquiry and also seek to obtain an explanation from the Customer.
• The Company could also scrutinize Customer bank statements to support the SOW enquiry.
• The Company documents every step of the SOW process in order to inform subsequent law enforcement investigations.

Prohibited Activities

The Company follows a strict policy and does not allow use of its Services for any "prohibited activities" as restricted or considered lawful under the PML Act and other applicable laws ("Prohibited Activities"). Company has established procedure for conducting manual and technical checks to ensure that no Customer is indulging in any Prohibited Activities. Customers are strictly restricted to make use of the Services of the Company for any Prohibited Activities in any manner.

The Prohibited Activities for the purposes of this Policy shall include:

• Fraud: Any act or omission, including a misrepresentation that knowingly or recklessly misleads, or attempts to mislead, a party to obtain a financial or other benefit or to avoid an obligation.
• Corruption: Offering, giving, receiving, or soliciting, directly or indirectly, anything of value to influence the decision of another party.
• Collusion: Arrangement between two or more parties designed to achieve an improper purpose, including influencing improperly the actions of another party.
• Terrorist financing: Provision or collection of funds, by any means, directly or indirectly, with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to carry out any of the offences related to the terrorism or financing related to the terrorism.
• Criminal conduct: Any criminal conduct which constitutes an offence in any part of the world or would constitute an offence in any part of the world if it occurred there.
• Money laundering: Money laundering is essentially the process of engaging in such financial transactions that are designed to conceal the true origin of criminally derived funds for the purpose of ensuring that such proceeds appear to have been received through legitimate sources/origins as defined under PML Act.

For effective implementation of KYC/ AML/ CFT policy there will be proper co-ordination, Company endeavors to ensure there is communication and understanding amongst all the members of the Company. All officials of the Company are required to ensure that an effective KYC/ AML/ CFT program is put in place by establishing proper procedures and ensuring their effective implementation.

Further, the Designated Director and Principal Officer are required to ensure that employees are made aware of their respective responsibilities in relation to KYC policy, given proper attention and appreciated and such responsibilities are discharged with utmost care and attention by them and the Company. The Principal Officer of the Company will carry out periodic checks to find out as to whether all features of the Policy are being followed and adhered to.

The Company shall also mandatorily include a review of adherence to the Policy in its internal audit scope.

In case any existing Customer does not co-operate in providing the information required as per KYC policy or conducts himself/herself in such manner which gives rise to suspicion about his/her identity or credentials, the Company requires that such matters are brought to the notice of Principal Officer who in turn will make necessary inquiries and if required shall forward the name of such Customers to the authorities concerned for appropriate action.

Virtual Digital Asset Transfers

In line with the Guidelines, "VDA transfers" for the purpose of the Policy shall be construed as "wire transfers" and subject to equivalent regulation under applicable laws.

Wire transfer is an instantaneous and most preferred route for transfer of funds across the globe and hence, there is a need for preventing terrorists and other criminals from having unfettered access to wire transfers for moving their funds and for detecting any misuse when it occurs.

Akin to wire transfers, the Company shall maintain a record of all cross-border VDA transfers, where either the origin or destination of the fund is in India and furnish the information of all such transactions to Principal Officer. Information accompanying wire transfers shall contain the name and address of the originator and where an account exists, the number of that account. In the absence of an account, a unique reference number, as prevalent in the country concerned, shall be included. Company shall follow the detailed procedures outlined in the PML Act read with the PML Rules as well as Guidelines relating to VDA transfers.

Government Approvals

This Policy shall be subject to review and amendment from time to time in keeping with the requirements of applicable laws in India including the PML Act, PML Rules and the Guidelines.

At present, there is no principal or consolidated framework for dealing in virtual digital assets which is be formulated, regulated and implemented by the Government of India. In the event of introduction of new legislation or legislative changes in relation to virtual digital assets, this Policy shall be amended and updated by the Company appropriately, with or without notice to the Customer.

Company has given full disclosure of the current regulatory status with respect to virtual digital assets including but not limited to stable coins, cryptocurrencies or tokens in India and the risk involved in dealing with or investing in the same via the Services. The Customer is deemed to have understood, agreed to and accepted the risk and costs of such investment and use of Services.

Appointment of Officials

To ensure effective implementation of this Policy and to further ensure proper co-ordination and communication between the Company and banks and other enforcement agencies, the Company has designated a Principal Officer in keeping with requirements in the PML Act and ancillary rules and regulations.

The role of the Principal Officer is inter alia to maintain an effective communication and liaison with banks and other enforcement agencies which are involved in the fight against money laundering and combating financing of terrorism, and to take appropriate steps in all such matters which are brought to the notice of the Principal Officer by the Company with regard to any suspicious acts or omissions or acts of non-compliance on the part of any Customers. Principal Officer of the Company is the nodal officer responsible for KYC/AML/CFT compliance and shall be responsible for monitoring and reporting all transactions and sharing information as required under the law.

Ms. Priyanka Chechani has been appointed as the Principal Officer of the Company. With his/her professional background and understanding of regulatory requirements, he/she is well prepared to effectively oversee the registration process and ensure the company's compliance with the necessary guidelines.

Meanwhile, the Company has also appointed Mr. Shravan Samdani as its Designated Director in keeping with requirements in the PML Act and ancillary rules and regulations. With his/her extensive knowledge and experience in financial operations and regulatory compliance, he/she brings valuable expertise to oversee the Company's adherence to the necessary requirements.

The Company implements appropriate screening mechanism(s) as an integral part of its personnel recruitment/ hiring process.

Further, it ensures that an on-going employee training program is put in place so that the members of staff are adequately trained in KYC/ AML/ CFT compliance, and the requirements outlined in this Policy and applicable laws. The focus of such training is different for staff engaged at different levels of functionality when dealing with new Customers.

Proper staffing of the audit function with employees and staff which are adequately trained and well-versed in KYC/ AML/ CFT policies and programs of the Company as well as regulation and related issues is ensured by the Company as a key part of the employee hiring and training process.

Due Diligence on Employees

The Company shall typically perform the following due diligence on prospective employees prior to their date of joining:

The above due diligence as well as documents collected for such purpose are treated with strict confidentiality in keeping with applicable laws.

The Company shall follow all requirements stated in the PML Act, relating to the preservation and reporting of Customer account information i.e. maintain and preserve the records for a period of 5 (five) years.

The Company shall follow all procedures for monitoring of transactions on an on-going basis in accordance with this Policy and applicable laws. In keeping with the Policy, monitoring will be conducted taking into consideration the risk profile of the account. High Risk Accounts will be strictly monitored for all transactions. Special attention shall be paid to all complex, unusually large transactions and all unusual patterns, which have no apparent logical or visible lawful purpose.

The Company shall ensure all appropriate steps are taken to evolve a system for proper maintenance and preservation of information in a manner (typically in hard and soft copy) that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities.

A copy of all information furnished shall be retained by the Principal Officer for the purposes of official record.

The Company reserves the right, at its sole discretion, to change, modify, add, or remove portions of this Policy, at any time with or without any prior notice to Customers. Customers acknowledge and accept that these Terms and Policies may be amended from time to time and such amendments will become effective and binding from the time of their publication, announcement, or communication of the amendment on the Platform of the Company (as may be applicable). Customers continued use of the said Platform (and its Services) shall confirm and signify consent to and acceptance of such amendments. It is the responsibility of Customers to review the Policy periodically for updates/changes, therefore. The Company encourages Customers to regularly revisit the Policy published on the Platform to be updated as regards any amendments.

The Company shall ensure that it does not have any account in the name of individuals/ entities appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council in keeping with applicable laws including the Unlawful Activities (Prevention) (UAPA) Act, 1967.

The details of key relevant lists are as under:

• The "ISIL (Da'esh) & Al-Qaida Sanctions List", which includes names of individuals and entities associated with the Al-Qaida.
• The "1988 Sanctions List", consisting of individuals and entities associated with the Taliban.

Details of accounts resembling any of the individuals/ entities in the lists shall be reported to FIU-IND apart from advising Ministry of Home Affairs as required under UAPA.

In addition to the above, Company shall ensure compliance with applicable United Nations Security Council Resolutions (UNSCRs) and/or directions circulated by the RBI (including the Master Direction - Know Your Customer (KYC) Direction, 2016) in respect of any other jurisdictions/ entities from time to time shall also be taken note of.

Required Documents for KYC Verification:

• Aadhaar
• PAN Card
• Passport