KYC and Anti-Money Laundering Policy
Updated January 1, 2020 'KNOW YOUR CUSTOMER' (KYC) and 'ANTI-MONEY LAUNDERING' (AML) POLICY
Sandton Direct (Sandton Limited, herein referred to as 'The Company') has adopted the Know Your Customer Policy (KYC) Policy with the following guidelines on KYC process and documentation: The Company shall follow customer identification procedure for opening of accounts and monitoring transactions of a suspicious nature for the purpose of reporting it to appropriate authority. The policy is based on Anti Money Laundering (AML) standards. 1. Information collected from the customer for the purpose of opening of account shall be kept confidential and the Company shall not divulge any details thereof for cross-selling or any other purposes. Information sought from the customer shall be relevant to the perceived risk, shall not be intrusive, and shall be in conformity with the guidelines issued by our legal team from time to time. Any other information from the customer shall be sought separately with his/ her/ its consent and after opening the account. 2. The objective of the KYC policy is to prevent the Company from being used, intentionally or unintentionally, by criminal elements for money laundering activities. KYC procedures also enable the Company to know/ understand its customers and their financial dealings better, which in turn help the Company to manage its risks prudently. The Company has framed its KYC policy incorporating the following four key elements: (i) Customer Acceptance Policy; (ii) Customer Identification Procedures; (iii) Monitoring of Transactions/ On-going Due Diligence; and (iv) Risk Management. 3. For the purpose of the KYC policy: a) “Beneficial Owner” refers to the natural person(s) who ultimately owns or controls a customer and/ or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement. b) “Customer” means a person that engages in a financial transaction or activity with the Company and includes a person on whose behalf the person that engages in the transaction or activity is acting. c) “Customer Due Diligence (CDD)” means identifying and verifying the customer and the beneficial owner using ‘Officially Valid Documents’ as a ‘proof of identity’ and ‘proof of address’.
The Company shall apply enhanced due diligence measures based on the risk assessment, thereby requiring intensive ‘due diligence’ for higher risk customers, especially those for whom the sources of funds are not clear. Examples of customers requiring enhanced due diligence shall include (a) high net worth individuals, (b) trusts, charities, NGOs and organizations receiving donations, (c) companies having close family shareholding or beneficial ownership.
Customer Identification Procedure (CIP): Customer Identification Procedure to be carried out at different stages as under: Commencement of an account-based relationship with the customer; When the Company has a doubt about the authenticity or adequacy of the customer identification data obtained by the Company. Customer identification means identifying the customer and verifying his/ her/ its identity by using reliable, independent source documents, data or information; and Carrying out a financial transaction. a) The Company shall obtain sufficient information necessary to establish, to its satisfaction, the identity of each new customer, whether regular or occasional, and the purpose of the intended nature of business relationship. Being satisfied means that the Company should be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the customer, in compliance with the extant guidelines in place. Besides risk perception, the nature of information/documents required would also depend on the type of customer (individual, corporate, etc.). For customers that are natural persons, the Company shall obtain sufficient identification data to verify the identity of the customer, his/ her address/ location, and also his/ her recent photograph. For customers that are legal persons or entities, the Company shall(i) verify the legal status of the legal person/ entity through proper and relevant documents; (ii) verify that any person purporting to act on behalf of the legal person/entity is so authorized and identify and verify the identity of that person; and (iii) understand the ownership and control structure of the customer and determine who are the natural persons who ultimately control the legal person. Customer identification requirements in respect of a few typical cases, especially, legal persons requiring an extra element of caution, are given in Annexure - I. If the Company accepts such accounts in terms of the Customer Acceptance Policy, the Company shall take reasonable measures to identify the beneficial owner(s) and verify his/ her/ their identity in a manner so that it is satisfied that it knows who the beneficial owner(s) is/are. An indicative list of the nature and type of documents/information that shall be relied upon for customer identification is given in the KYC Documentation Policy annexed as Annexure-II. b) The Company shall ensure that decision-making functions of determining compliance with KYC norms shall not be outsourced. c) Introduction shall not be sought while opening accounts.
The Company shall allot Unique Customer Identification Code (UCIC) to all their customers while entering into any new relationships. 6. Monitoring of Transactions/ On-going Due Diligence: a) The Company shall pay special attention to all large and complex transactions, and those with unusual patterns, inconsistent with normal and expected activity of the customer, which have no apparent economic rationale or legitimate purpose. b) The Company shall prescribe threshold limits for specific categories of accounts and pay particular attention to the transactions which exceed prescribed thresholds, based on income and / or net worth of the customer. c) No cash transactions are done by the Company, since all disbursements and repayments are made through normal banking channels only. Very high account turnover inconsistent with the size of the balance maintained may indicate that funds are being 'washed' through the account. d) High-risk accounts shall be subjected to intensify monitoring and enhanced due diligence. The Company shall set key indicators for such accounts, taking note of the background of the customer, such as the country of origin, sources of funds, the type of transactions involved and other risk factors. The Company shall put in place a system of periodical review of risk categorization of accounts, with such periodicity being at least once in 6 (six) months and the need for applying enhanced due diligence measures. e) The records of transactions in the accounts shall be preserved and maintained. f) While currently, no cash transactions are undertaken, in the unforeseen event of such transactions taking place, the Company will maintain a proper record of all cash transactions (deposits and withdrawals) . The internal monitoring system shall have an inbuilt procedure for reporting of such transactions and those of suspicious nature to controlling/ head office on a fortnightly basis. 7. Risk Management: a) Through this policy, the Board of Directors of the Company is ensuring the formal documentation of its KYC programme. The management will establish appropriate procedures to ensure its effective implementation. b) The Company’s internal audit and compliance functions have an important role in evaluating and ensuring adherence to the KYC policies and procedures. As a general rule, the compliance function would provide an independent evaluation of the Company’s own policies and procedures, including legal and regulatory requirements. The audit machinery shall be staffed adequately with individuals who are well-versed in such policies and procedures. The Internal Auditors shall specifically check and verify the application of KYC procedures at the branches and comment on the lapses observed in this regard. The compliance in this regard shall be put up before the Audit Committee of the Board on quarterly intervals. c) The Company shall have an ongoing employee training programme so that the members of the staff are adequately trained in KYC and AML procedures. Training requirements shall have different focuses for frontline staff, compliance staff and staff dealing with new customers. It is crucial that all those concerned fully understand the rationale behind the KYC policy and implement the same consistently. d) The Company shall constitute an Anti-Money Laundering Committee (“AML Committee”) comprising of (i) CEO and Whole Time Director, (ii) Chief Operations Officer, (iii) Operations Representative, (iv) Chief Risk Officer and (v) Compliance Officer of the Company and the Terms of Reference of the said AML Committee shall be as mentioned below: i. To define, approve, modify the AML Policy and procedures & Control / monitoring mechanism ii. To provide framework for clients acceptance criteria iii. To define sub-delegation of authority matrix iv. To define KYC and additional KYC requirement for clients v. To define Reporting structure for Suspicious Transactions vi. To design programs to educate the staff on AML. vii. To appoint auditor for AML purpose and define the scope of audit viii. To review audit report provide the risk mitigation measures. ix. To place the audit report along with comments of committee, at the Board Meeting 8. Customer Education: Implementation of KYC procedures requires the Company to demand certain information from customers, which may be of personal nature or which have hitherto never been called for. This can sometimes lead to a lot of questioning by the customer as to the motive and purpose of collecting such information. The Company shall prepare specific literature/ pamphlets etc. so as to educate the customer of the objectives of the KYC programme. The front desk staff shall be specially trained to handle such situations while dealing with customers. 9. Introduction of New Technologies: The Company shall pay special attention to any money laundering threats that may arise from new or developing technologies that might favour anonymity, and take measures, if needed, to prevent its use in money laundering schemes. 10. Review of KYC for the Existing Accounts: a) The Company shall also apply this policy to the existing customers on the basis of materiality and risk. Moreover, transactions in existing accounts shall be continuously monitored and any unusual pattern in the operation of the account shall trigger a review of the CDD measures. b) The Company shall consider applying monetary limits to such accounts based on the nature and type of the account. All the existing accounts of companies, firms, trusts, charities, religious organizations and other institutions are subjected to minimum KYC standards which would establish the identity of the natural/legal person and those of the 'beneficial owners'. c) Where the Company is unable to apply appropriate KYC measures due to non-furnishing of information and/ or non-cooperation by the customer, the Company shall consider closing the account or terminating the business relationship after issuing due notice to the customer explaining the reasons for taking such a decision. Such decisions shall be taken at a reasonably senior level. d) The Company shall carry out periodic updations at least once in every 2 years for high risk customers, once in every 8 years for medium risk customers and once in every 10 years for low risk customers, subject to the following conditions: - Fresh proofs of identity and address shall not be sought at the time of periodic updating, from low risk customers, when there is no change in status of their identities and addresses and a self-certification to that effect is obtained; - certified copy of the proof of address forwarded by ‘low risk’ customers through mail/ post, etc. in case of change of address shall be acceptable; - physical presence of low risk customer at the time of periodic updations shall not be insisted upon; and - time limits prescribed above would apply from the date of opening of the account/ last verification of KYC.