Definitions Abbreviations

AML — Anti-Money Laundering
CDD — Customer Due Diligence
CBWTR — Cross Border Wire Transfer Reporting
CFT — Combating the Financing of Terrorism/Countering of Terrorist Financing
EDD — Enhanced Due Diligence
FATF — Financial Action Task Force
FCC — Financial Crime Compliance
FIU-IND — Financial Intelligence Unit India
HUF — Hindu Undivided Family
IFSCA — International Financial Services Centres Authority
KYC — Know Your Customer
LLP — Limited Liability Partnership
NSDL — National Securities Depository Limited
ML/TF — Money Laundering/ Terrorist Financing
OFAC — Office of Foreign Assets Control
OVD — Officially Valid Document
PAN — Permanent Account Number
PEP — Politically Exposed Person
PMLA — Prevention of Money Laundering Act, 2002
PMLR — Prevention of Money Laundering (Maintenance of Records) Rules, 2005
SAR — Suspicious Activity Report
STR — Suspicious Transaction Report
UBO — Ultimate Beneficial Owner
UN — United Nations
V-CIP — Video Customer Identification Procedure

Definitions

"AML-CFT & KYC Policy" means this document, that is, Anti-Money Laundering and Countering of Terrorist Financing Policy, as approved and adopted by the Board.

"Authorised Representative" means the manager, officer or employee of a merchant authorised by such merchant in writing to transact on its behalf.

"Beneficial Owner" or "BO" shall mean an individual (natural person) who ultimately owns or controls a merchant or the person on whose behalf a transaction is being conducted and includes a person who exercises ultimate effective control over a juridical person. It is clarified that in the event of a discrepancy between the following criteria and the IFSC (AML CTF KYC) Guidelines, the criteria for determining a 'Beneficial Owner' under the IFSC (AML CTF KYC) Guidelines will prevail.

1. Company — (a) Ownership of or entitlement to more than 10% (ten per cent) of shares or capital or profits of the company; or
   (b) The right to appoint a majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or the shareholders' agreements or voting agreements.

2. Partnership/LLP — (a) Ownership of or entitlement to more than 10% (ten per cent) of the capital or profits of the partnership or LLP; or
   (b) The right to control the management or policy decision of such partnership or LLP.

3. HUF — Karta

4. Trust — (a) The author of the trust, the trustee, the beneficiaries with 10% (ten per cent) or more interest in the trust; and
   (b) Any other natural person exercising ultimate effective control over the trust through a chain of control or ownership.

5. Society — Person who holds the position of senior managing official

6. Unincorporated association or body of individuals — Ownership of or entitlement to more than 15% (fifteen per cent) of the property or capital or profits of such association or body of individuals.

"Board" means the Board of Directors of Glomo Payments.

"Customer/Merchants" means an individual or entity who is the Customer of Glomo Payments and is: (i) a national/ international merchant who avails the payment aggregation or other services offered by Glomo Payments or enters into any business to business (B2B) relationship with Glomo Payments; (ii) a national/international merchant who establishes a B2B relationship with Glomo Payments or avails any services made available by Glomo Payments on a B2B basis; or iii) such persons who engages in financial transaction or activity through Glomo Payments including such persons on whose behalf the person engaged in the transaction, is acting.

"Designated Person" means all individuals working at all levels and grades, including directors, senior managers, officers, other employees (whether permanent, fixed-term or temporary), consultants, contractors, trainees, interns, seconded staff, casual workers and agency staff, agents, or any other person associated with Glomo Payments and such other persons including those designated by the Principal Officer from time to time.

"IFSCA Payment Service Regulations" means International Financial Services Centres Authority (Payment Services) Regulations, 2024 issued by the IFSCA, as updated or amended from time to time.

"IFSCA (AML CTF KYC) Guidelines" means International Financial Services Centres Authority (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022 issued by the IFSCA, as updated or amended from time to time.

"Officially Valid Document" or "OVD" means the passport, the driving licence, proof of possession of Aadhaar number, the Voter's Identity Card issued by the Election Commission of India, letter issued by National Population Register containing details of name, address, or any other documents as notified by the Central Government in consultation with the regulatory authority.

Provided that in an International Financial Services Centre, the national identity card and voter identification card, by whatever name called, issued by the Government of foreign jurisdictions or agencies authorised by them capturing the photograph, name, date of birth, and address of a foreign national shall also be considered as OVD.

Provided further that where simplified measures are applied for verifying the identity of customers, the following documents shall also be deemed to be OVD-

1. Identity card with applicant's photograph issued by the Central/State Government departments, statutory/regulatory authorities, public sector undertakings, scheduled commercial banks, and public financial institutions;

2. Letter issued by a gazetted officer, with a duly attested photograph of the person. Provided also that, Where the simplified measures are applied for verifying the limited purpose of proof of address of the customer, where a prospective customer is unable to produce any proof of address, the following document shall also be deemed to be OVD-
   
   

3. Utility bill which is not more than 2 months old of any service provider (electricity, telephone, post-paid mobile phone, piped gas, water bill);

4. Property, municipal tax receipt, city council tax receipt, or such other equivalent document;

5. Post office savings bank account statement or statement of a bank account including of a foreign bank;

6. Pension or family pension payment orders issued to retired employees by Government departments or public sector undertakings, if they contain the address;

7. Letter of allotment of accommodation from employer issued by State/Central Government departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions, and listed companies, and leave and license agreements with such employers allotting official accommodation; Provided also that in case the OVD presented by a foreign national does not contain details of address, in such case the documents issued by Government departments of foreign jurisdictions and letter issued by the Foreign Embassy or Mission in India shall be accepted as proof of address;
   
   Provided also that where the client submits his proof of possession of Aadhaar number as an OVD, he may submit it in such form as issued by Unique Identification Authority of India;
   
   Explanation: For the purpose of this definition, a document shall be deemed to be an OVD even if there is a change in the name subsequent to its issuance, provided it is supported by a marriage certificate issued by the State Government or Gazette Notification, indicating such a change of name.
   
   "Non-Client" means a third party, from a recognised FATF jurisdiction: i) making cross border payments in favour of the Customers based on the invoices raised by the Customer; or ii) entities or persons in whose favour Customers make payments to.
   
   "PEP Self Declaration" means a declaration/screening to check if the merchant/ BO or their associates are individuals who are or have been entrusted with prominent public functions by a foreign country including Heads of States/Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc.
   
   "Principal Officer" means an officer designated by Glomo Payments, who shall be responsible for carrying out monitoring of activities and business relations of Glomo Payments, and perform any other functions as specified under the IFSCA (AML CTF KYC) Guidelines.
   
   "Shell Financial Institution" means a bank or financial institution incorporated, formed or established in a country or jurisdiction where the bank or financial institution has no physical presence, and which is unaffiliated with a financial group that is subject to effective supervision.

1. Overview
As per the IFSCA (AML CTF KYC) Guidelines and the IFSCA Payment Service Regulations issued by the IFSCA, Glomo Payments IFSC Private Limited (hereinafter referred to as "Glomo Payments") shall:

1. undertake steps to implement the KYC/AML/CFT principles/standards ("KYC, AML and CFT Standards");

2. conduct a KYC check of all Customers prior to their onboarding; and

3. monitor Customers' transactions and activities undertaken via Glomo Payments to ensure adherence to KYC, AML and CFT Standards.

Glomo Payments shall adopt appropriate procedures to know/understand their Customers and their financial dealings, in line with this board-approved AML-CFT & KYC Policy.

This AML-CFT & KYC Policy shall cover the following four key elements for managing risks prudently:

1. Identify the Customer.

2. Verify the Customer's true identity.

3. Understand the Customer's activities and source of funding.

4. Monitor the Customer's activities.

2. Aim, Scope and Applicability
Glomo Payments aims to comply with the KYC, AML and CFT Standards to ensure that Glomo Payments is not used as a vehicle for or in connection with ML and/or TF. The main objective is to establish and lay down the general framework for identification and acceptance of Customers and to act as deterrent against money laundering and terrorism financing and in turn ensure consistency with FCC obligations. This AML-CFT & KYC Policy has been framed by Glomo Payments for the following purpose:

1. To determine the true identity and beneficial ownership of accounts, source of funds, the nature of Customer's business, reasonableness of operations in the account in relation to the Customer's business.

2. To prevent Glomo Payments from being used, intentionally or unintentionally by criminal elements for money laundering activities or terrorist financing activities.

3. To lay down explicit criteria for acceptance of Customers.

4. To control, detect and report all types of suspicious activities in accordance with applicable laws.

5. To establish procedures to verify the bona-fide identification of individuals/non individuals for opening of account.

6. To establish processes and procedures to monitor high value transactions and/or transactions of suspicious nature in accounts.

7. To develop measures for conducting due diligence in respect of customers and reporting of such transactions.

8. To effectively implement this AML-CFT & KYC Policy.

This AML-CFT & KYC Policy is applicable to Glomo Payments and extends to all individuals working at all levels and grades, including directors, senior managers, officers, employees (whether permanent, fixed-term, or temporary), consultants, contractors, trainees, interns, seconded staff, casual workers, agency staff, agents, or any other person associated with Glomo Payments. This Policy also covers any other persons designated by the Principal Officer from time to time. Additionally, Glomo Payments shall recommend the adoption of this AML-CFT & KYC Policy to the boards of directors of its subsidiaries, associates, and joint ventures.

3. Key elements of the policy
In line with the IFSC (AML CTF KYC) Guidelines, this AML-CFT & KYC Policy and procedures comprise of the following components:

1. Customer Acceptance Policy.

2. Risk Management.

3. Customer Identification Procedure (CIP).

4. Transaction Monitoring/On-going Due Diligence.

3.1 Customer Acceptance Policy (CAP)
Glomo Payments has framed the Customer Acceptance Policy for ensuring compliance with all applicable regulatory guidelines while establishing Customer relationships and maintaining the related accounts as per profile of the Customer. This policy is one of the four parameters which broadly define KYC/AML/CFT guidelines issued by IFSCA. The guidelines in respect of Customer relationship with Glomo Payments broadly include the following:

1. Glomo Payments shall not enter a business relationship with a Customer with any anonymous accounts or accounts in fictitious name(s), or a nominee account which is held in the name of one person but is controlled by or held for the benefit of another person whose identity has not been disclosed to Glomo Payments.

2. Glomo Payments shall not enter a business relationship where the ownership or control arrangements of the Customer prevent the Glomo Payments from identifying one or more of the Customer's Beneficial Owners.

3. Glomo Payments shall not enter a business relationship with a Shell Financial Institution.

4. No account-based relationship or transaction will be undertaken without following the due diligence procedure.

5. Customer will not be accepted if Glomo Payments is unable to apply appropriate CDD measures, either due to non-cooperation of the Customer or non-reliability of the documents/information furnished by the Customer.

It is hereby clarified that this Customer Acceptance Policy shall not result in an unfair denial of facilities to members of the general public, especially those who are financially or socially disadvantaged.

Further, where Glomo Payments forms a suspicion of money laundering or terrorist financing, and it reasonably believes that performing the due diligence process will tip-off the Customer, it shall not pursue the due diligence process, and instead file a suspicious transaction report with FIU-IND.

3.2 Risk Management
Through the Risk Management Policy, the Board shall ensure formal documentation of risk categorisation and risk-based merchant segregation under the KYC programme. The Board will establish appropriate procedures for effective implementation of this policy.

The Risk Management Team shall be staffed adequately with individuals who are well-versed in such policies and procedures. Such individuals shall specifically check and verify the application of KYC procedures and comment on any lapses observed in this regard.

Parameters of risk assessment have been defined to enable categorization of customers into low, medium and high risk. The categorization of risk is determined by evaluating customer risk, country or geographic risk, and product, service, transaction, or delivery channel risk. Customer risk involves factors such as high-risk businesses, unusual ownership or corporate structures, and business relations under unusual circumstances. Country or geographic risk considers Glomo Payments' exposure to countries with high levels of corruption, organised crime, inadequate AML/CFT measures, or those subject to sanctions and linked to terrorism. Additionally, product, service, transaction, or delivery channel risk includes services that favour anonymity, non-face-to-face transactions, the involvement of nominee directors or shareholders, and transactions with unknown third parties.

3.3 Customer Identification Procedure (CIP)

Glomo Payments shall undertake identification of its Customers during the following stages:

1. At the time of establishing business relationship with the Customer.

2. When there is a doubt about the authenticity or adequacy of the Customer identification data it has obtained.

3. When Glomo Payments suspects ML/TF.

4. When there is a change in risk-rating of the Customer, or it is otherwise warranted by a material change in circumstances of the Customer.

5. Throughout the course of business relationship, as part of ongoing due diligence, to ensure that the transactions that are being conducted, are consistent with the Glomo Payments' knowledge of the Customer, Customer's business and risk profile, including, where necessary, the source of funds.

Glomo Payments shall collect, from all Customers, details of the bank account to which the settlement of funds must be made. Merchants must also provide a copy of the cancelled cheque of the bank account or Bank Verification Letter or Bank statement or bank passbook copy, containing the IFSC code and the account holder name; or Glomo Payments shall conduct a verification of such bank accounts either through penny drop or any such modes as may be deemed fit to confirm.

The objective of establishing the identification of the Customers is to:

1. Verify through genuine and relevant documents, the status of the Customer (legal status of legal Customer/ entity).

2. Verify the identity of the person authorized to act on behalf of Customer/legal entity.

3. Understand the ownership and control structure of the customer and determine the natural persons who have control over the legal person.

4. Verifying the legitimacy of the Customer's settlement bank account (which will verify if the Customer is also KYC-checked by a regulated bank).

As per the IFSC (AML CTF KYC) Guidelines, Glomo Payments shall obtain the following from the merchants while establishing an account-based relationship and validate the same. Where the merchant is a foreign national, Glomo Payments will accept the equivalent identification document issued by government departments in foreign jurisdictions as OVD:

3.3.1. Company

1. Certificate of Incorporation;

2. PAN of the company;

3. GST certificate of the company;

4. Memorandum of Association;

5. Articles of Association;

6. Ownership structure and BO declaration;

7. A resolution from the board of directors or power of attorney or any other suitable granted to its Authorised Representative;

8. As applicable, OVD of the Authorised Representative and BO (as necessary);

9. Names of relevant persons holding senior management position, including all directors;

10. PEP Self Declaration;

11. Self-declared turnover of the company for the previous financial year;

12. Self-declared merchant category code for all categories of business; and

13. Details of registered office and principal place of its business (if they vary), along with geotagging coordinates (as applicable) and store photographs.

3.3.2. Partnership/LLP

1. Evidence of registration or registration certificate;

2. PAN of partnership firm/LLP;

3. GST certificate of the partnership firm/LLP;

4. Partnership / LLP Deed;

5. Authority letter duly signed by two partners/ managing partners along with the signature specimen appointing the Authorised Representative/authorised signatory;

6. Names of all the partners;

7. As applicable, OVD of the Authorised Representative and/ or proprietor BO (as necessary);

8. PEP Self Declaration;

9. Self-declared turnover of the partnership/LLP for the previous financial year;

10. Self-declared merchant category code for all categories of business; and

11. Details of registered office and principal place of its business (if they vary), along with geotagging coordinates (as applicable) and store photographs.

3.3.3. Sole Proprietorship

1. OVD of the proprietor;

2. PAN of the proprietor;

3. PEP Self Declaration of the proprietor;

4. Self-declared turnover of the entity;

5. Self-declared merchant category code for all categories of business; and

6. Any two of the following:

   1. Evidence of registration such as registration certificate or UDYAM registration certificate;

   2. Certificate/licence issued by the municipal authorities under relevant Shop and Establishment Act;

   3. Sales and income tax returns;

   4. GST certificate;

   5. Certificate/registration document issued by Sales Tax/Service Tax or Professional Tax authorities;

   6. Importer Exporter Code issued by DGFT or License/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute;

   7. Complete Income Tax Return (not just the acknowledgment) in the name of the sole proprietor where the firm's income is reflected, duly authenticated/acknowledged by the Income Tax authorities; and

   8. Utility bills such as electricity, water, landline telephone bills, etc.

7. Details of registered office and principal place of its business (if they vary), along with geotagging coordinates (as applicable) and store photographs.

3.3.4. Hindu Undivided Family

1. Resolution of the managing body;

2. PAN or Form 60 of the HUF;

3. GST certificate;

4. Registered HUF Deed;

5. Details of the Karta and/or the Authorised Representative (if any);

6. PEP Self Declaration;

7. Self-declared turnover of the HUF for the previous financial year;

8. Self-declared merchant category code for all categories of business;

9. Power of attorney or any other suitable authorisation granted to the Authorised Representative (if any); and

10. Details of registered office and principal place of its business (if they vary), along with geotagging coordinates (as applicable) and store photographs.

3.3.5. Trust

1. Certificate of registration;

2. Trust Deed;

3. PAN of the trust or Form 60 of the trust;

4. OVD of the BO, Authorised Representative, and/or trustee(s);

5. Names of beneficiaries, trustees, settlors, and authors of the trust;

6. GST certificate;

7. PEP Self Declaration;

8. Self-declared turnover of the trust for the previous financial year;

9. Self-declared merchant category code for all categories of business;

10. Power of attorney or any other suitable authorisation granted to the Authorised Representative (if any); and

11. Details of registered office and principal place of its business (if they vary), along with geotagging coordinates (as applicable) and store photographs.

3.3.6. Unincorporated Association or a body of individuals

1. Resolution of the managing body of such association or body of individuals;

2. PAN or Form no. 60 of the unincorporated association or a body of individuals;

3. GST certificate;

4. OVD of the authorised representative and BO (if any);

5. PEP Self Declaration;

6. Self-declared turnover of the unincorporated association or body of individuals for the previous financial year;

7. Self-declared merchant category code for all categories of business;

8. Power of attorney or any other suitable authorisation granted to the Authorised Representative; and

9. Details of registered office and principal place of its business (if they vary), along with geotagging coordinates (as applicable) and store photographs.

3.3.7. Additional/Supplementary documents

1. Business/trade license from the Customers, wherever it is required for them to conduct their business especially in case of regulated businesses.

2. Duly signed agreement approved by the Legal and Compliance team (either individual agreements or templates approved by the Legal and Compliance team).

3. Sales and Income Tax returns

4. Certificate/registration documents issued by Sales Tax/Service Tax/Professional Tax authorities

5. IEC (Importer Exporter Code) issued by the office of DGFT/ License / Certificate of practice issued in the name of the individual concerned by any professional body incorporated under a statute.

6. Complete Income Tax return (not just the acknowledgement) in the name of the concerned entity, association or individual where the income is reflected, duly authenticated/ acknowledged by the Income Tax Authorities.

7. For small merchants, a consent letter shall be taken to confirm that the merchant's turnover was below INR 20,00,000 (Indian Rupees Twenty Lakhs only) in the previous financial year.

8. Certificate/License issued by the Municipal authorities under Shop and Establishment Act or factories license, as applicable, or any other equivalent documentation in foreign jurisdiction.

Note:

1. All the above-mentioned documents from 3.3.1 to 3.3.7 should be re-validated on an ongoing basis to minimize the errors and ensure seamless transaction and settlement of the merchant. Document re-verifications shall also form part of the periodic due diligence to be conducted.

2. Where the OVD furnished by the merchant as per this Section 3.3 does not have updated address, the following documents or the equivalent e-documents thereof shall be deemed to be OVDs for the limited purpose of proof of address -- utility bill (which is not more than two months old), property or Municipal tax receipt, pension or family pension payment orders issued by Government Departments or Public Sector Undertakings (if they contain address) and letter of allotment of accommodation from employer issued by State Government or Central Government Departments, statutory or regulatory bodies, public sector undertakings, scheduled commercial banks, financial institutions and listed companies and leave and license agreements with such employers allotting official accommodation.

3.4 Transaction Monitoring
Set out below are indicative actions or situations or parties that Designated Persons should be careful about - which when appearing together or individually should raise 'Red flag' concerns (each, whether or not listed herein, a "Red Flag"):

1. Customers or suppliers who are connected to countries identified as non-cooperative by the 'Financial Action Task Force on Money Laundering' established by the G-7 Summit in 1987, and international organisations against money laundering.

2. Customers or suppliers who are reluctant to provide complete information and/or provide insufficient, false, or suspicious information or who are unwilling to comply with Glomo Payments's KYC norms as may be in force from time to time.

3. Customers or suppliers who appear to be acting as an agent for another company or individual, but decline or are reluctant to provide information regarding that company or individual.

4. Customers or suppliers who express concern about, or want to avoid, reporting or recordkeeping requirements.

5. Customers who structure the payments to specifically avoid relevant reporting requirements (for example by making multiple smaller payments or payments from multiple sources).

6. The purchase of products, or a larger volume purchase, that appears to be inconsistent with a customer's normal ordering pattern, and in the absence of any legitimate business reason such as a special price promotion.

7. Complex deal structures or payment patterns that reflect no real business purpose or economic sense.

8. Requests for payment to be made through an unrelated country or to an unrelated third party.

9. Multiple partial payments from various parties on behalf of a single customer and/or multiple partial payments from various locations. Also included are "double endorsed" or "third party" cheques, where a customer endorses over to Glomo Payments' for their invoice a cheque that was originally made out to the customer.

10. Customers whose addresses are not physical sites.

11. Customers making a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose.

12. Customers paying in one form of payment and then requesting a refund of the payment in another form e.g. paying by credit card and requesting a wire transfer.

4. Risk Categorization
Categorizing Customers into different risk buckets can serve as a platform to adopt a risk-based approach. Glomo Payments shall carry out risk assessment to identify, assess and take effective measures to mitigate these risks. When undertaking a risk assessment Glomo Payments shall:

1. Identify the Customer and Beneficial Owner.

2. Obtain information on the purpose and intended nature of the business relationship.

3. Obtain information on, and take into consideration, the nature of the Customer's business.

4. Take into consideration the nature of the Customer, its ownership, control structure, and its Beneficial Ownership, wherever applicable.

5. Take into consideration the nature of the Customer's business relationship with the Glomo Payments.

6. Take into consideration the Customer's country of origin, residence, nationality, place of incorporation or place of business.

7. Take into consideration the relevant product, service or transaction.

8. Take into consideration the beneficiary of the policy including any Beneficial Owner of such beneficiary, if it is providing the customer with a life insurance or other similar policy.

Low Risk:
Individuals (other than High Net Worth) and entities whose identities can be easily verified, and whose transactions generally match their known profile, will be categorised as Low Risk. Merchants not classified as Medium or High Risk will also be treated as Low Risk.

Illustrative examples:
Statutory bodies, Government departments, and Government-owned companies with business longevity greater than 5 years.

Medium Risk:
Customers who may pose a higher-than-average risk may be categorised as Medium Risk, based on factors such as the Customer’s background, nature and location of activity, and country of origin.

Illustrative examples:

• Customers with mixed/negative social media feedback

• Customers engaged in Digital Lending

High Risk:
High Risk Customers are those who are more likely to be involved in money laundering, and therefore require additional information to better understand Customer activity and mitigate associated risks.

Illustrative examples:
NGOs, Donations, Online Gaming, Gift Cards, Chit Funds, Wallet Top-Up

Due Diligence Based on Risk Category

After assigning the risk rating, Glomo Payments shall conduct due diligence as follows:
a. CDD measures in respect of all Customers.
b. EDD in addition to CDD measures for High Risk Customers.
c. Simplified CDD measures by modifying the CDD process detailed for Low Risk Customers.

5. Re-KYC / Ongoing Monitoring
Glomo Payments shall undertake ongoing CDD. An essential aspect of the same shall be maintaining up-to-date and relevant CDD data, documents, and information so that Glomo Payments can identify the changes in customer's risk profile. For the purpose of the ongoing CDD, Glomo Payments comply with the following:

1. Glomo Payments shall monitor its business relations with the customer on an ongoing basis.

2. Glomo Payments during the course of business relations with a customer, shall observe the conduct of the customer's account and scrutinize transactions undertaken throughout the course of business relations, to ensure that the transactions are consistent with Glomo Payments' knowledge of the customer, its business and risk profile and where appropriate, may seek the source of wealth and source of funds.

3. Glomo Payments shall pay particular attention to any complex, unusually large or unusual patterns of transactions undertaken throughout the course of business relations, that have no apparent or visible economic or legitimate purpose.

4. Glomo Payments shall make further enquiries into the background and purpose of the transaction specified in Clause 5.3 above and document its findings so that this information is made available to the relevant authorities, should the need arise.

5. Glomo Payments shall periodically review each customer to ensure that the risk rating assigned under Clause 4 above, is commensurate with the ML/TF risks posed by the customer.

6. Where there are indications that the risks associated with an existing business relationship with the customer may have increased, Glomo Payments shall request additional information and conduct a review of the customer's risk profile in order to determine if additional measures are necessary.

7. Glomo Payments shall ensure that the CDD data, documents, and information obtained in respect of customers, natural persons appointed to act on behalf of the customers, related parties of the customers and beneficial owners of the customers, are relevant and kept up-to-date by undertaking the review of adequacy of the existing CDD data, documents and information, particularly for customers with high-risk rating.

6. KYC Documentation
Glomo Payments shall adopt a risk-based approach for periodic updation of CDD. The periodicity of updation from the date of opening of the account / last CDD updation for different categories of customers shall be as follows:

1. Annually- for high-risk customers;

2. Once in three years- for medium risk customer; and,

3. Once in every five years- for low-risk customers.

7. Updation of Information

1. No change in KYC information: In case there is no change in KYC information (including information on BO in case of legal entities) at the time of Re-KYC, Glomo Payments will procure self-declaration from the Customer through their registered email ID, registered mobile number, letter, etc.

2. Change in address in case of an individual: In case of a change only in address of an individual Customer, Glomo Payments will procure a self-declaration of the new address from the Customer through their registered email ID, registered mobile number, letter, etc. Glomo Payments shall verify the updated address within 2 (two) months through contact point verification, deliverables, etc.

3. Change in KYC information for Customers other than individuals: In case of change in KYC information of legal entities, Glomo Payments shall undertake the KYC process again. Further, in case of any update in the documents submitted by a Customer at the time of establishment of business relationship/account-based relationship and thereafter, as necessary, Glomo Payments shall cause the Customer to submit the update of such document within 30 (thirty) days of such update.

8. Name Screening

1. Glomo Payments shall undertake steps to determine whether any of its existing Customers and Non-Clients are a part of any blacklists or regulatory lists. Screening processes act as a safety mechanism to guard against reputation, operational or legal risks and to prevent Glomo Payments from being used as a channel for money laundering or terrorist financing purposes. Screening of both existing Customers, Non and employees shall be performed at regular intervals.

2. Glomo Payments shall ensure that in terms of Section 51A of the Unlawful Activities (Prevention) Act, 1967, it does not onboard any Customer or process payments from/to Non-Clients, having an account in the name of or having BOs which are individuals/entities appearing in the lists of individuals and entities suspected of having terrorist links, which are approved by and periodically circulated by the UN Security Council (UNSC).

3. Details of accounts resembling any of the individuals/entities in the lists shall be reported to FIU-IND apart from advising Ministry of Home Affairs as required under UAPA notification dated August 27, 2009.

9. EDD for High-Risk Customers
Where the risks of ML/TF are high, Glomo Payments shall conduct EDD measures, consistent with the risks identified. The EDD measures are as follows:

1. Obtaining additional information on the customer (e.g., occupation, volume of assets, information available through public databases, internet, etc.), and updating more regularly the identification data of customer and beneficial owner.

2. Obtaining information and taking additional steps to examine the ownership and financial position, including source of wealth and source of funds of the customer or, if applicable, of the Beneficial Owner.

3. Obtaining information and taking additional steps to record the purpose behind conducting the specified transaction and the intended nature of the relationship between the transaction parties.

4. Obtaining the approval of Senior Management to commence or continue the business relationship

5. Conducting enhanced monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination; and,

6. Requiring the first payment to be carried out through an account in the customer’s name with a bank subject to similar CDD standards.

Additionally, Glomo Payments shall specifically apply EDD measures, proportionate to the risks, to business relationships and transactions with natural and legal persons (including financial institutions) from countries for which this is called for by the FATF.

10. Simplified Customer Due Diligence for Low-Risk Customers
Where the risks of ML/TF are low, Glomo Payments shall conduct simplified CDD measures, consistent with the risks identified. The simplified CDD measures may include:

1. Verifying the identity of the customer and the beneficial owner after the establishment of the business relationship

2. Reducing the degree of on-going monitoring and scrutinizing transactions, based on a reasonable monetary threshold

3. Not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship but inferring the purpose and nature from the type of transactions or business relationship established

However, the Simplified CDD measures shall not be conducted where there is a suspicion of ML/TF. Additionally, Glomo Payments shall perform ongoing monitoring of business relations even for low risk Customers and shall use other measures to conduct CDD in accordance with the customer risks.

11. Termination of Business Relationship
If Glomo Payments is unable to conduct or complete the requisite CDD for a Customer, it shall terminate or suspend any existing business relationship with the customer, return any monies or assets received, and consider whether the failure to conduct or complete CDD necessitates the filing of a Suspicious Transaction Report (STR).

12. Management Reporting
Glomo Payments shall establish and maintain comprehensive policies, procedures, systems, and controls to monitor and detect suspicious transactions related to potential ML/TF activities. These policies, procedures, systems, and controls are designed to ensure that, in the ordinary course of their employment, any employee who knows, suspects, or has reasonable grounds to know or suspect that a person is engaged in or attempting ML/TF promptly notifies the Principal Officer of Glomo Payments with all relevant details.

13. Record Keeping
In order to maintain, preserve, and report the Customer account information, with reference to provisions of PMLA and PMLR, Glomo Payments shall:

1. Maintain all necessary records of transactions obtained during initial and ongoing CDD.

2. Preserve records of customer business relationships, including all correspondence and information related to a customer's account, and ensure adequate records of transactions are kept to allow the reconstruction of individual transactions, including internal findings and analyses where transactions may be unusual or suspicious, whether or not they result in a STR.

3. Retain notifications made for STR, and any relevant supporting documents and information, including internal findings and analysis, as well as any relevant communications with the FIU.

4. Preserve all necessary records, for a minimum of six years or for such period as prescribed under applicable laws, from the date the business relationship has ended or the transaction is completed.

5. Provide a copy of records maintained under the IFSCA (AML CTF KYC) Guidelines to the Authority or any law enforcement agency immediately upon request.

6. In case of Customers who are non-profit organisations:

   1. Register the details and/or ensure the details are registered of such Customers on the DARPAN Portal or an equivalent platform as prescribed by the Government and/or applicable laws of the foreign jurisdiction.

   2. Maintain registration records for at least 6 (six) years after business relationship between Glomo Payments and the Customer has ended or the account has been closed, whichever is later.

7. Preserve up to date records pertaining to the identification and addresses of the customers while opening the account and during the course of business relationship for at least five years after the business relationship is ended.

8. Make available swiftly, the identification records and transaction data to the competent authorities upon request.

9. Maintain all necessary information in respect of transactions prescribed under Rule 3 of PMLR so as to permit reconstruction of individual transaction, including the nature, amount, currency, date of transaction and the parties to the transaction.

10. Evolve a system for proper maintenance and preservation of customer information in a manner that allows easy and quick retrieval of data.

14. Principal Officer and Designated Director
Glomo Payments shall, through internal procedures, designate an employee of sufficient seniority, competence, and independence as the Principal Officer to ensure compliance with the provisions of this AML-CFT & KYC Policy. The name, designation, and contact details of the Principal Officer shall be notified to all Designated Persons. The responsibilities of the Principal Officer shall include:

1. carrying out, or overseeing the carrying out of, ongoing monitoring of business relations for compliance with the IFSCA (AML CTF KYC) Guidelines;

2. promoting compliance of the IFSCA (AML CTF KYC) Guidelines and taking overall charge of all AML/CFT matters within the organisation;

3. informing employees, officers and representatives promptly of regulatory changes;

4. ensuring a speedy and appropriate reaction to any matter in which ML/TF is suspected;

5. reporting or overseeing the reporting of suspicious transactions;

6. advising and training employees, officers and representatives on developing and implementing internal policies, procedures and controls on AML/CFT;

7. reporting to Senior Management on the outcome of reviews of Glomo Payments’s compliance with the IFSCA (AML CTF KYC) Guidelines & risk assessment procedures; and

8. reporting regularly on key AML/CFT risk management and control issues, and any necessary remedial actions, arising from audit, inspection & compliance reviews to Glomo Payments Senior Management.

The Principal Officer shall have a functional reporting line to the Designated Director (Chairperson of the Audit Committee) and shall submit quarterly compliance reports to the Designated Director. Any aggravated cases of breach of this AML-CFT & KYC Policy shall be escalated to the Board of Directors through the Designated Director.

15. Regulatory Reporting
In line with the PMLA and PMLR, Glomo Payments will report information relating to suspicious transactions in respect of transactions referred to in rule 3 of PMLR for CBWTR. The Principal Officer on behalf of Glomo Payments will provide all the necessary help to the authorities, such as NHB, Director FIU-IND for any further inquiries and clarifications or for any other purpose for which specific requisitions are made.

Glomo Payments shall make a report on all cross-border wire transfers of the value of more than rupee Five Lakh or its equivalent in foreign currency irrespective whether the original or destination of the fund is in India.

The Principal Officer shall report the cash transactions/suspicious transactions/counterfeit transactions to:

Director, FIU-IND,
Financial Intelligence Unit- India,
6th Floor, Tower 2,
Jeevan Bharati Building, Connaught Place,
New Delhi – 110001.
Website: http://fiuindia.gov.in

16. Due Diligence of Non-Client

1. Glomo Payments shall maintain transaction records in accordance with the terms of PMLR for any Non-Clients. Glomo Payments will collect the following information from the Customer at the time of payment processing, name; address, email id, phone number, bank account details (if applicable).

2. In addition, Glomo Payments shall conduct a Name Screening, as outlined in Clause 8 above. Before approving any payments in favor of a Customer, Glomo Payments will verify the aforementioned information to ensure accuracy prior to confirming any payments in favour of the Customers.

3. Based on the risk categorization of the transaction viz. the transaction amount, the Customer's risk category, and the jurisdiction of the Non-Client, Glomo Payments may conduct additional checks and/or request further documents (including OVDs) of the Non-Client from the Customer. These may be required to verify the Non-Client's identity and to assess the nature of the transaction to Glomo Payments’ satisfaction.

17. Employee Hiring and Training

1. On-going employee training programme shall be put in place so that the members of staff are adequately trained in AML CFT & KYC Policy. The focus of the training shall be different for frontline staff, compliance staff and staff dealing with new customers.

2. The front desk staff shall be specially trained to handle issues arising from lack of customer education.

3. Glomo Payments shall endeavour to ensure that the staff dealing with/being deployed for KYC/AML/CFT matters have high integrity, ethical standards, good understanding of extant KYC, AML and CFT Standards, effective communication skills and ability to keep up with the changing regulatory landscape for KYC/AML/CFT checks, nationally and internationally.

4. Glomo Payments shall also strive to develop an environment which fosters open communication and high integrity amongst its staff.

18. Secrecy Obligations

1. Glomo Payments shall maintain secrecy regarding the Customer’s information and documents.

2. Customer information collected shall be treated as confidential and details thereof shall not be divulged for the purpose of cross selling, or for any other purpose without the explicit permission of the customer.

3. While considering the requests for data/information from Government and other agencies, Glomo Payments shall satisfy itself that the information being sought is not of such a nature as will violate the provisions of the laws relating to secrecy in the banking transactions.

4. The exceptions to the said rule shall be as under:

   1. Where disclosure is under compulsion of law

   2. Where there is a duty to the public to disclose,

   3. The interest of bank requires disclosure and

   4. Where the disclosure is made with the express or implied consent of the customer.

19. Policy Review
The Board shall periodically review the policy adopted and recommend incorporation of suitable modifications/changes, including when there are relevant regulatory updates to the KYC/AML/CFT Standards. All such changes/modifications will be reported to the Board for approval.

20. Violations
Violations under this AML-CFT & KYC Policy include the following actions by Designated Persons:

1. Any violation of the compliance steps under this AML CFT & KYC Policy by a Designated Person.

2. On-boarding a customer, supplier, contractor, vendor, agent, investor, etc. in contravention of the AML CFT & KYC policy.

3. Requesting others to violate the AML CFT & KYC Policy.

4. Failure to promptly raise a known or suspected violation of the AML CFT & KYC Policy or notify a potential 'Red Flag' or Suspicious Transaction.

5. Failure to cooperate in investigations of possible AML CFT & KYC Policy violations.

6. Retaliation against another employee for reporting a concern under the AML CFT & KYC Policy.

7. Failure to demonstrate leadership, initiative, and diligence to ensure compliance with the AML CFT & KYC Policy, PMLA and other applicable laws.

21. Consequences of Violation
In case of violations of the AML CFT & KYC Policy, the Principal Officer shall, after considering inputs, if any, from the Designated Person, have the discretion to do the following:

21.1. Corrective Action
Corrective actions shall be prescribed by the Principal Officer to appropriate managers, officers, or other employees for implementation.

21.2. Penalties
The Principal Officer shall, based on the investigation reports have the discretion to recommend appropriate disciplinary action, including suspension and termination of service, against such a defaulting Designated Person. Depending on the nature and scale of default of the AML-CFT & KYC Policy by the defaulting Designated Person, the Principal Officer may also recommend to the Board to commence civil and/or criminal proceedings against such a Designated Person in order to enforce remedies available to Glomo Payments under applicable laws.

Appendix I: Risk Assessment Tables

A. Chargeback and Dispute Risk

Chargeback Risk (Based on % of Volume)

• 0–1% — Low Risk

• 1–2% — Medium Risk

• 2% or higher — High Risk

Dispute Risk (Per Million Transactions)

• Less than 2 — Low

• 2–5 — Medium

• 6 or more — High

B. Transaction Threshold Table

Note: This is in addition to other factors and shall not be construed as the sole determining criteria.

Low Risk

• Daily Transaction Count Limit: 5,00,000

• Daily Transaction Volume Limit: INR 20,00,000 (or equivalent)

Medium Risk

• Daily Transaction Count Limit: 50,000

• Daily Transaction Volume Limit: INR 10,00,000 (or equivalent)

High Risk

• Daily Transaction Count Limit: 1,000

• Daily Transaction Volume Limit: INR 2,00,000 (or equivalent)

C. MCC Risk Score Table

Low Risk MCC Codes

820 — Fertilizer Dealers
821 — Pesticides/ Insecticides
822 — Seeds
823 — Farm Equipment
824 — Agricultural Machinery
825 — Other Agri Inputs
4111 — Railways
4112 — Railways
4789 — Transport
4812 — Telecommunication Services
4900 — Utilities
5411 — Grocery & Supermarkets
5532 — Tyres
5542 — Automated Fuel Dispensers
5812 — Restaurants
5912 — Pharmacies
5993 — Fuel Dealers
9211 — Court Costs, including Alimony and Child support
9222 — Fines
9311 — Tax Payments
9399 — Government Services, Intra-Government Purchases, Government Only
9402 — Government Postal Services
9405 — Government Services, Intra-Government Purchases, Government Only

Medium Risk MCC Codes

4784 — Transit
4899 — Mobile, tv, spares accessories
5013 — Car décor
5065 — Electricals
5094 — Watches
5541 — Service Stations
5571 — Bike shop
5699 — Apparel and Accessories
5712 — Furniture
5722 — Small appliances, water purifier/shegdi
5732 — Electronics
5734 — Computers and laptop sales and service
5782 — Electric goods
5816 — Digital Goods
5940 — Cycle
5944 — Watches
5960 — Direct Marketing: Insurance Sales
5999 — Specialty Retail
6300 — Insurance Sales, Underwriting and Premium
7379 — Computer shop, accessories and maintenance
7394 — Furniture
7534 — Tyre Store
7629 — Electronics
8211 — School
8220 — College & University
8241 — Correspondence Course
8244 — Business and Secretarial Schools
8249 — Trade and Vocational Schools
8675 — CNG Kit

High Risk MCC Codes

4722 — Travel Agencies
5085 — export
5531 — Crockery
5533 — Inverter Battery
5719 — Batteries
7699 — Resale Electronics items Repairing