KYC Policy

Know Your Customer (Kyc) & Anti Money Laundering (Aml) Policy

As per the RBI Master Direction – Know Your Customer (KYC) Direction, 2016 dated February 25, 2016 and updated from time to time wherein Non-Banking Finance Companies (NBFCs) are advised to follow certain customer identification procedures while undertaking a transaction either by establishing an account-based relationship or otherwise and monitor their transactions., Aptus Finance India Private Limited (Company) has framed the following Know Your Customer (KYC) and Anti Money Laundering (AML) Polciy This policy shall come in to force with effect from August 11, 2020.

This policy is applicable to all categories of products and services offered by the Company


Objective of RBI guidelines is to prevent NBFCs being used, intentionally or unintentionally by criminal elements for money laundering activities. The guidelines also mandates making reasonable efforts to determine the true identity and beneficial ownership of accounts, source of funds, the nature of customer’s business, reasonableness of operations in the account in relation to the customer’s business, etc. which in turn helps the Company to manage its risks prudently. Accordingly, the main objective of this policy is to enable the Company to have positive identification of its customers.

Know Your Customer' Standards

The Company has framed its KYC policy incorporating the following four key elements:

  1. Customer Acceptance Policy;
  2. Customer Identification Procedures;
  3. Monitoring of Transactions; and
  4. Risk Management.

For the purpose of the KYC policy, a ‘Customer’ is defined as:

A person who is engaged in a financial transaction or activity with the Company and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting. A person has the same meaning assigned in the Prevention of Money-Laundering Act, 2002 and includes:

  1. an individual,
  2. a Hindu undivided family,
  3. a company,
  4. a firm,
  5. an association of persons or a body of individuals, whether incorporated or not,
  6. every artificial juridical person, not falling within any one of the above persons (a to e), and
  7. any agency, office or branch owned or controlled by any of the above persons (a to f).

Customer Acceptance Policy (CAP)

The Company shall ensure the following norms while accepting and dealing with its customers:

  1. No account is opened in anonymous or fictitious/benami name(s);
  2. No account is opened where it is unable to apply appropriate Customer Due Diligence (CDD) measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer.
  3. No transaction or account-based relationship is undertaken without following the CDD procedure.
  4. The Company shall apply CDD at Unique Customer Identification Code (UCIC) level. However, if an existing KYC compliant customer of the Company desires to open another account, there shall be no need for a fresh CDD exercise.
  5. The Company shall ensure that the identity of the customer does not match with any person or entity, whose name appears in the sanctions lists circulated by Reserve Bank of India.
  6. Where Permanent Account Number (PAN) is obtained, the same shall be verified from the verification facility of the issuing authority.
  7. While carrying out the due diligence, the Company will ensure that the procedure adopted does not result in denial of banking/financial facility to members of the general public, especially those, who are financially or socially disadvantaged.
  8. When the true identity of the account holder is not known, the Company shall file Suspicious Transaction Reporting (STR) as provided below.

The Company will prepare a profile for each new customer which may contain information relating to the customer’s identity, social/financial status, nature of business activity, information about his clients’ business and their location, etc. The nature and extent of due diligence will depend on the risk perceived by the Company. However, while preparing the customer profile, the Company will seek only such information from the customer which is relevant and is not intrusive. The customer profile will be a confidential document and details contained therein will not be divulged for cross selling or any other purposes.

Given the nature of our business – small ticket loans to low and middle income, informal and financially excluded families – we have categorized our customers as low risk. It is highly unlikely that the Company will have any medium / high risk clients given its focus on the lower income section of society.

However, for Risk Management, the Company shall have a risk based approach which includes the following:

  1. Customers shall be categorized as low, medium and high risk category, based on the assessment and risk perception of the Company.
  2. The Risk categorization shall be undertaken based on parameters such as customer’s identity, social, financial status, nature of business activity, and information about the clients’ business and their location etc. While considering customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in.
  3. For the purpose of a risk based approach, the Company has categorized its customers into three categories as given below:

Low Risk

Individuals and Entities whose identities and sources of wealth can easily be identified and transaction in whose accounts by and large confirm to the known profile come under this category.

  1. Salaried employees whose salary structure is well-defined.
  2. People belonging to lower economic strata of the society whose accounts show small balances and low turnover.
  3. Government Department and Government owned companies, regulators and statutory bodies.
  4. Self employed

Medium Risk

  1. Non-resident Indians

High Risk

Customer for whom the sources of funds are not clear or are not convincing shall be categorized as High Risk. Higher due diligence shall be applied for this category of customers.

  1. Trust, charities, NGOs and organizations receiving donations.
  2. Companies having close family shareholding or beneficial ownership.
  3. Firms with ‘sleeping partners’.
  4. Politically exposed persons (PEPs).
  5. High net worth individuals.
  6. Non face to face customers, and
  7. Those with dubious reputation as per public information available.

Customer Identification Procedure (CIP)

The Company shall undertake identification of customers before commencement of an account based relationship. Customer identification means identifying the customer and verifying his / her identity by using reliable and independent source of documents, data or information to ensure that the customer is not a fictitious/ anonymous/ benami person. The Company shall obtain sufficient information necessary to establish, to its satisfaction, the identity of each customer and the purpose of the intended nature of business relationship.

The Company shall verify the identity of any Person transacting with the Company to the extent reasonable and practicable and maintain records of the information used to verify a customer’s identity, including name, address and other identifying information.

The Company shall consult sanctions lists/ FATF statements of known or suspected terrorists or terrorist organizations / jurisdictions and countries that do not or insufficiently apply the FATF recommendations as provided to the Company by RBI or any other applicable government agency to determine whether a person opening an account or an existing customer appears on any such list.

The Company shall take reasonable measures to ascertain and verify the true identity of all customers who transact with the Company.

All the customers shall be identified by a unique identification code to identify customers, track the facilities availed, monitor financial transactions in a holistic manner and to have a better approach to risk profiling of customers.

Monitoring of Transactions

Ongoing monitoring is an essential element of effective KYC procedures. The Company can effectively control and reduce its risk only if it has an understanding of the normal and reasonable activity of the customer so that it can identify transactions that fall outside the regular pattern. However, the extent of monitoring will depend on the risk sensitivity of the account. Since the Company will not have any deposit accounts, this situation will hardly arise, but the Company will in any case pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose, or transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer. The Company will put in place a system of periodical review of risk categorization of accounts and the need for applying enhanced due diligence measures. The Company will ensure that a record of transactions in the accounts is preserved and maintained as required in terms of section 12 of the PML Act, 2002 (and the Amended Act, 2009). It will also ensure that transactions of suspicious nature and/or any other type of transaction notified under section 12 of the PML Act, 2002 (and the Amended Act, 2009), is reported to the appropriate law enforcement authority.

Illustrative list of activities which would be construed as suspicious transactions

Activities not consistent with the customer’s business, i.e. accounts with large volume of credits whereas the nature of business does not justify such credits and when the applicant/customer:

  1. is reluctant to provide information, data, documents
  2. submits false documents, data, purpose of loan, details of accounts
  3. refuses to furnish details of source of funds by which initial contribution is made, sources of funds is doubtful etc
  4. is reluctant to meet in person, represents through a third party or a power-ofattorney- holder without sufficient reasons
  5. approaches a branch/office of the Company, which is away from the customer’s residential or business address provided in the loan application, when there is a branch/office of the Company closer to the given address
  6. is unable to explain or satisfy the numerous transfers in the statement of bank account or has multiple bank accounts
  7. makes an initial contribution through unrelated third-party accounts without proper justification
  8. avails himself of a top-up loan and/or equity loan, without proper justification of the end-use of the loan
  9. suggests dubious means for the sanction of the loan
  10. encashes the loan amount by opening a fictitious bank account
  11. applies for a loan knowing fully well that the property/dwelling unit to be financed has been funded earlier and that the same remains un-repaid
  12. requests for payment made in favour of a third party who has no relation to the transaction
  13. uses the loan for a purpose other than what has been stipulated
  14. uses the loan in connivance with the vendor/builder/developer/broker/agent etc. frequently conveys change of his address where the transaction does not make economic sense
  15. there are reasonable doubts over the real beneficiary of the loan and the property/dwelling unit to be purchased
  16. the sale consideration stated in the agreement for sale is abnormally higher/lower than what is prevailing in the area
  17. there is multiple funding of the same property/dwelling unit
  18. there is multiple funding involving an NGO, charitable organisation, small or medium enterprises, self-help groups , or microfinance groups
  19. over-payment of instalments of repayment with a request to refund the excess
  20. Repayments of a loan within 5 months of its origination
  21. Regular requests to refund overpayments of monthly installments
  22. Payments from a third party bank


Each business process as a part of the credit policy will document and implement appropriate risk-based procedures designed to verify that it can form a reasonable belief that it knows the true identity of its customers. Verification of customer identity should occur before transacting with the customer. Procedures for each business process shall describe acceptable methods of verification of customer identity, which may include verification through documents or non-documentary verification methods that are appropriate given the nature of the business process, the products and services provided and the associated risks.

i. Verification through documents

i. Verification through documents

These documents may include, but are not limited to the list of documents that can be accepted as proof of identity and address from customers across various products offered by the Company as provided in to this policy. These are appropriately covered in the credit policies of the respective businesses.

The list of documents that can be accepted as proof of identity and address from customers across various products offered by the Company is given in this policy. Verification through non-documentary methods:

These methods may include, but are not limited to:

  1. Contacting or visiting a customer;
  2. Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source;
  3. Checking references with other financial institutions; or
  4. Obtaining a financial statement.

ii. Additional verification procedures.

If applicable, the business process verification procedures should address situations where:

  1. A person is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard;
  2. The business process associate is not familiar with the documents presented;
  3. The Account is opened without obtaining documents;
  4. Where the business process is otherwise presented with circumstances that increase the risk that it will be unable to verify the true identity of a customer through documents; and
  5. If the business process cannot verify the identity of a customer that is other than an individual, it may be necessary to obtain information about persons with authority or control over such account, including signatories, in order to verify the customer’s identity.

Where a low risk category customer expresses inability to complete the documentation requirements on account of any reason that the Company considers to be genuine, and where it is essential not to interrupt the normal conduct of business, the Company may complete the verification of identity within a period of six months from the date of establishment of the relationship.

Enhanced Due Diligence

The Company is primarily engaged in retail finance. It does not deal with such category of customers who could pose a potential high risk of money laundering, terrorist financing or political corruption and are determined to warrant enhanced scrutiny. The existing credit policies of the Company in respect of its various businesses ensure that the Company is not transacting with such high risk customers. The Company shall conduct Enhanced Due Diligence in connection with all customers or accounts that are determined to pose a potential high risk and are determined to warrant enhanced scrutiny. Each business process shall establish appropriate standards, methodology and procedures for conducting Enhanced Due Diligence, which shall involve conducting appropriate additional due diligence or investigative actions beyond what is required by standard KYC due diligence. Enhanced Due Diligence shall be coordinated and performed by the Company, who may engage appropriate outside investigative services or consult appropriate vendor sold databases when necessary. Each business process shall establish procedures to decline to do business with or discontinue relationships with any customer when the Company cannot adequately complete necessary Enhanced Due Diligence or when the information received is deemed to have a significant adverse impact on reputational risk.

The following are the indicative list where the risk perception of a customer may be considered higher:

  1. Customers requesting for frequent change of address/contact details
  2. Sudden change in the loan account activity of the customers
  3. Frequent closure and opening of loan accounts by the customers

Enhanced due diligence may be in the nature of keeping the account monitored closely for a re-categorisation of risk, updation of fresh KYC documents, field investigation

Risk Management

The Board of Directors of the Company has ensured that an effective KYC program is in place and has established appropriate procedures and is overseeing its effective implementation. The program covers proper management oversight, systems and controls, segregation of duties, training and other related matters. Responsibility has been explicitly allocated within the Company to ensure that the policies and procedures are implemented effectively. The Board of the Company is aware that while all customers will be of low risk profile given the nature of its business, unless belonging to a higher risk profile listed under CAP above and approved as an exception, it will apply various Anti Money Laundering measures keeping in view the risks involved in a transaction, account or business relationship.

The Board of Directors of the Company through its Audit Committee will directly evaluate and ensure adherence to the KYC policies and procedures, including legal and regulatory requirements.

The Company has already ensured that its front line staff and credit staff are aware that no loan accounts will be created unless the KYC procedures are adhered to completely.

The Company’s internal audit and compliance functions play a role in evaluating and ensuring adherence to the KYC policies and procedures.

Internal Auditors specifically check and verify the application of KYC procedures at the branches and comment on the lapses observed in this regard.

The compliance in this regard is put up before the Audit Committee of the Board on quarterly intervals/p>

Risk Categorisation

The Company shall have a system in place for periodical updation of customer identification data after the account is opened. Full KYC exercise will be done at a periodicity not less than once in ten years in case of low risk category customers, not less than once in eight years in case of medium risk category customers and not less than once in two years in case of high risk category customers.

Low risk category customers need not submit fresh proofs of identity and address at the time of periodic updation, in case of no change in status with respect to their identities and addresses and a self-certification by the customer to that effect shall suffice in such cases. In case of change of address of such ‘low risk’ customers, they can forward a certified copy of proof of address by mail/post, etc.

All the customers under different product categories are categorized into low, medium and high risk based on their profile. The Credit manager while appraising the transaction and rendering his approval will prepare the profile of the customer based on risk categorization. An indicative categorization for the guidance of businesses is provided in Customer Identification Procedure. Each business process adopts the risk categorization in their respective credit policies subject to confirmation by compliance based on the credit appraisal, customer’s background, nature and location of activity, country of origin, sources of funds, client profile, etc., Where businesses believe that a particular customer falling under a category mentioned below is in his judgement falling in a different category, he may categorise the customer so, so long as appropriate justification is provided in the customer file.


The business shall have a system of internal reporting of suspicious transactions, counterfeit transactions and cash transactions greater than Rs.10 lakhs, whether such transactions comprise of a single transaction or a series of transactions integrally connected to each other, and where such series of transactions take place within a month.

“Suspicious transaction” means a transaction whether or not made in cash which, to a person acting in good faith:

  1. gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime; or
  2. appears to be made in circumstances of unusual or unjustified complexity; or
  3. appears to have no economic rationale or bona fide purpose; or
  4. gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.
  5. Where the transactions are abandoned by customers on being asked to give some details or to provide documents.

Further, the Compliance officer shall furnish information of the above mentioned transactions to the Director, Financial Intelligence Unit – India (FIU-IND) at the prescribed address in the formats prescribed in this regard including the electronic filing of reports.

Provided that where the principal officer, has reason to believe that a single transaction or series of transactions integrally connected to each other have been valued greater than Rs.10 lakhs so as to defeat the provisions of the PMLA regulations, such officer shall furnish information in respect of such transactions to the Director within the prescribed time.

Customer Education

The implementation of KYC procedures requires APTUS FINANCE to demand certain information from customers, which may be of personal nature, or which has hitherto never been called for. This can sometimes lead to a lot of questioning by the customer as to the motive and purpose of collecting such information. APTUS FINANCE’s front line staff will therefore personally discuss this with customers and if required,  APTUS FINANCE will also prepare specific literature/ pamphlets, etc. so as to educate the customer on the objectives of the KYC program.

Existing Customers

The requirements of the earlier sections are not applicable to accounts opened by existing customers, provided that the business process has previously verified the identity of the customer and the business process continues to have a reasonable belief that it knows the true identity of the customer. Further, transactions in existing accounts should be continuously monitored and any unusual pattern in the operation of the account should trigger a review of the due diligence measures.

Applicability to branches and subsidiaries

The above guidelines shall also apply to all branches and subsidiaries

Introduction of New Technologies

APTUS FINANCE will pay special attention to any money laundering threats that may arise from new or developing technologies including on-line transactions that might favour anonymity, and take measures, if needed, to prevent its use in money laundering schemes.

Appointment of Designated director /Principal Officer

The Company has appointed its Director Mr. P. Balaji (Director) to be designated as ‘designated director for ensuring overall compliance with the obligations imposed under Chapter IV of the Prevention of Money Laundering Act and the Rules.

The Company has appointed Ms. Laxmi Sridhar, Manager & CFO, as the Principal Officer responsible for monitoring and reporting all transactions and sharing of information as required and will be located at the corporate office. She will maintain close liaison with enforcement agencies, other HFCs and any other institution which is involved in the fight against money laundering and combating financing of terrorism.

Maintenance of records of transactions

The Company shall implement appropriate procedures to maintain the records mentioned below:

  1. All cash transactions of the value of more than Rs. 10 lakh or its equivalent in foreign currency;
  2. All series of cash transactions integrally connected to each other which have been individually valued below Rs. 10 lakh or its equivalent in foreign currency where such series of transactions have taken place within a month and the monthly aggregate exceeds Rs.10 lakhs or its equivalent in foreign currency;
  3. All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine and where any forgery of a valuable security has taken place;
  4. All suspicious transactions whether or not made in cash Designated director will be provided details of the above transactions on a monthly basis. This report will be provided even if there are no transactions.

Information to be preserved

As per the RBI guidelines, the Company is required to maintain the following information in respect of transactions referred to in Rule 3 of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005);

  1. The nature of the transactions;
  2. The amount of the transaction and the currency in which it was denominated;
  3. The date on which the transaction was conducted; and
  4. The parties to the transaction.

Maintenance and Preservation of records

The Company has a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities. The Company will maintain for at least ten years from the date of cessation of transaction between the bank and the client, all necessary records of transactions, both domestic or international, which will permit reconstruction of individual transactions (including the amounts and types of currency involved if any) so as to provide, if necessary, evidence for prosecution of persons involved in criminal activity. The Company will also ensure that records pertaining to the identification of the customer and his / her address (e.g. copies of documents like passports, identity cards, driving licenses, PAN, utility bills etc.) obtained while opening the account and during the course of business relationship, are properly preserved for at least ten years after the business relationship is ended. The identification records and transaction data will be made available to the competent authorities upon request.

Reporting to Financial Intelligence Unit-India

In terms of the PMLA rules, APTUS FINANCE will report information relating to cash and suspicious transactions to the Director, Financial Intelligence Unit-India (FIU-IND) at the following address:

  • Director, FIU-IND,
  • Financial Intelligence Unit-India,
  • 6 th Floor, Hotel Samrat,
  • Chanakyapuri,New Delhi-110021

The Company will ensure that the provisions of PMLA Rules framed and the Foreign Contribution and Regulation Act, 1976, wherever applicable, are adhered to strictly.


  1. All the applicants shall have valid ID proof as prescribed above.
  2. ‘Simplified measures’ may be applied in the case of ‘Low risk’ customers taking into consideration the type of customer, business relationship, nature and value of transactions based on the overall money laundering and terrorist financing risks involved. In respect of low risk category of customers, where simplified measures are applied, it would be sufficient to obtain any of the documents mentioned below for the purpose of –

A. Proof of identity -

  1. Aadhar Card
  2. Identity card with applicant’s Photograph issued by Central / State Government Departments, Statutory / Regulatory Authorities, Public Sector Undertakings, Scheduled Commercial Banks, and Public Financial Institutions;
  3. letter issued by a gazetted officer, with a duly attested photograph of the person;

B. Proof of address

The following documents shall be deemed to be officially valid documents for ‘low risk’ customers for the limited purpose of proof of address where customers are unable to produce any officially valid document for the same:

  1. Aadhar Card
  2. Utility bill which is not more than two months old of any service provider (electricity, telephone, postpaid mobile phone, piped gas, water bill);
  3. Property or Municipal Tax receipt;
  4. Bank account or Post Office savings bank account statement;
  5. Pension or family pension payment orders (PPOs) issued to retired employees by Government Departments or Public Sector Undertakings, if they contain the address;
  6. Letter of allotment of accommodation from employer issued by State or Central Government departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies. Similarly, leave and license agreements with such employers allotting official accommodation; and
  7. Documents issued by Government departments of foreign jurisdictions and letter issued by Foreign Embassy or Mission in India.
  8. Over and above the KYC identification of the customer as per the process laid in above, in case the customer is residing at an address different from the address mentioned in the proof submitted in accordance with annexure III, the company shall collect any of the documents listed below in addition to one address proof as listed in annexure III for communication/contact address:–
    • Latest Telephone bill – landline and postpaid mobile bills (Not more than six months old)
    • Latest Utility bills (Not more than six months old)
    • Bank account statement (Not more than six months old)
    • Registered Lease deed along with utility bill in the name of the landlord