AML POLICY

Know Your Customer (KYC) Norms /Anti-Money Laundering (AML) Standards / Combating of Financing of Terrorism (CFT) /Obligation of banks under Prevention of Money Laundering Act (PMLA), 2002

PokiBit is committed to complying with all applicable anti-money laundering (AML) and counter-terrorist financing (CTF) laws and regulations, including those applicable in the United States. This framework aligns with guidance issued by the Financial Crimes Enforcement Network (FinCEN) and international standards such as those of the Financial Action Task Force (FATF).

The key objectives of this document are

1. To establish an effective AML/CTF compliance framework
2. To prevent misuse of the Platform for illicit financial activities
3. To comply with applicable laws and regulatory obligations

To assist law enforcement authorities as requiredMoney Laundering– Definition Money Laundering is moving illegally acquired cash through financial systems so that it appears to be legally acquired.

There are three common stages of money laundering as detailed below which are resorted to by the launderers and institutions that may unwittingly be exposed to a potential criminal activity while undertaking normal business transactions:-

1. Placement- The physical disposal of cash proceeds derived from illegal activity;
2. Layering- Separating illicit proceeds from their source by creating complex layers of financial transactions designed to disguise the source of money, subvert the audit trail and provide anonymity; and
3. Integration- Creating the impression of apparent legitimacy to criminally derived wealth.

If the layering process has succeeded, integration schemes place the laundered proceeds back into the economy in such a way that they re-enter the financial system appearing to be normal business funds.

Money Laundering Risks

The Company is aware that it is exposed to several risks if an appropriate AML framework is not established, which are detailed as under

1. Reputation Risk - Risk of loss due to severe impact on Company’s business. This requires maintaining the confidence of authority, customers, creditors and the general marketplace.
2. Compliance Risk - Risk of loss due to failure of compliance with key Regulations governing the company’s operations.
3. Operations Risk - Risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
4. Legal Risk - Risk of loss due to any of the above risks or combination thereof resulting in the failure to comply with Law and having a negative legal impact on the Company. The specific types of negative legal impacts could arise by way of fines, confiscation of illegal proceeds, and suspension/termination of licences by the regulators, criminal liability, etc.
5. Financial Risk - Risk of loss due to any of the above risks or combination thereof resulting in negative financial impact on the Company.

The Company recognizes risks including reputational, regulatory, operational, legal, and financial risks associated with inadequate AML controls.

AML/CFT Governance Framework structure

The AML program includes:

• Customer Due Diligence (CDD) / Know Your Customer (KYC)
• Designation of a Compliance Officer
• Employee training
• Internal controls and audits

AML/KYC Standards

Basic Due Diligence [Know Your Customer (KYC)]

The Company implements Customer Due Diligence (CDD) procedures to verify the identity of all users and merchants, assess risk, and prevent misuse of the Platform for unlawful activities.

1. Employees, contractors, and service providersshall be required to provide information to indicate any behavioural aspects of a Merchant that are found to be suspicious at the time of their interaction.
2. Special attention will be given to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose.
3. We do not onboard or continue relationships with individuals or entities identified on applicable sanctions lists, including those maintained by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and other relevant authorities.Any potential matches will be escalated and reported as required under applicable law. We may freeze, suspend, or restrict accounts where required by applicable law, regulatory authorities, or risk assessment.
4. Measures will be taken to identify beneficial ownership in case of non-individual customers.

Procedure for determining beneficial owner

(a) Where the client is a company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has a controlling ownership interest or who exercises control through other means.

Explanation.- For the purpose of this subclause- "Controlling ownership interest" means ownership of or entitlement to more than twenty-five percent of shares or capital or profits of the company; "Control" shall include the right to appoint majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or voting agreements;

(b) Where the client is a partnership firm, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has ownership of/entitlement to more than fifteen percent of capital or profits of the partnership;

(c) Where the client is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has ownership of or entitlement to more than fifteen percent of the property or capital or profits of such association or body of individuals;

(d) Where no natural person is identified under (a) or (b) or (c) above, the beneficial owner is the relevant natural person who holds the position of senior managing official;

(e) Where the client is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with fifteen percent or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership; and

(f) Where the client or the owner of the controlling interest is a company listed on a stock exchange, or is a subsidiary of such a company, it is not necessary to identify and verify the identity of any shareholder or beneficial owner of such companies.

When should KYC be done?

1. New Customers: a) In case of new contracts, KYC/CDD should be done before entering into any contract with a new customer.
2. Ongoing basis: KYC should also be carried out at the claim payout stage and at times when additional top up remittances are inconsistent with the customer known profile. Any change which is inconsistent with the normal and expected activity of the customer, further KYC processes and / or action as considered necessary.

Risk Profile of the Customer

As financial transactions conducted by the customers are of a very high magnitude. Regulations require the PokiBit to monitor all transactions there under for any suspected incident of money laundering. However, considering the spirit as well as the requirements under the regulations, the monitoring efforts are directed more towards the customers and transactions with higher risk of money laundering, being the Risked Based Approach (RBA) for monitoring and controls.

Adopting a RBA implies the adoption of a risk management process for dealing with Money Laundering (ML) / Terrorist Financing (TF), keeping in mind the magnitude of risk involved.

A risk analysis would be performed to determine where the ML/TF risks are the greatest based on customers, products and services, including delivery channels, and geographical locations. They can change over time, depending on how circumstances develop, and how threats evolve, and our controls would also change accordingly. This process thus encompasses recognizing the existence of the risk(s), undertaking an assessment of the risk(s) and developing strategies to manage and mitigate the identified ML risks.

Enhanced due diligence

Accordingly, the customer's source of funds, his estimated net worth etc., shall be appropriately documented and PokiBit shall obtain income proofs and details of sources of funds for all policies as specified by the Company from time to time.

However, the PokiBit will have power to prescribe rules / limits etc. for any particular payment mode, or to disallow any payment mode(s) for any one or more channels. Enhanced Due Diligence (EDD) may be applied to higher-risk users, including verification of source of funds, additional identity documentation, and ongoing monitoring. We may impose restrictions, limits, or additional verification requirements based on risk assessment.

Prohibition from “Tipping off”

Employees (permanent and temporary) are prohibited (should maintain strict confidentiality) from disclosing the fact that a suspicious transactions report or related information of a Customer/ prospect is being reported or provided to the law enforcement authorities

eRecord Keeping

We retain customer identification data, transaction records, and related documentation for at least five (5) years, or longer where required by applicable law

in order to enable PokiBit to comply swiftly with information requests from the competent authorities. Such records shall be sufficient to permit reconstruction of transactions if necessary, as an evidence for prosecution of criminal activity. PokiBit will retain the records of those contracts with the Merchants, Remitted funds for a period of at least 5 years after that settlement. Records pertaining to all other transactions, (for which the Company is obliged to maintain records under other applicable Legislations / Regulations / Rules) the Company will retain records as provided in the said Legislations / Regulations / Rules but not less than 5 years from the date of end of the business relationship with the Merchant.

The Designated Director/ Compliance Officer and staff assisting in execution of AML guidelines should have timely access to Merchant identification data, other KYC information and records.

The Designated Director/Compliance Officer shall

1. Implementation of the AML Program effectively, including monitoring compliance by the company’s insurance agents with their obligations under the program.
2. Ensure that employees and agents of the PokiBit have appropriate resources and are well trained to address questions regarding the application of the program in light of specific facts.
3. Be responsible for regulatory reporting, as prescribed under the government of India guidelines, suspicious transactions.

Internal Control/Audit

PokiBit internal audit / inspection departments shall verify on a regular basis, compliance with policies, procedures and controls relating to money laundering activities

Review of AML Frameworks

The AML framework shall be reviewed at least annually and changes effected based on experience and regulatory changes shall be incorporated in the same.