‘Know Your Customer’ Norms & Anti-Money Laundering Measures
1. Introduction
The Policy on Know Your Customer (“KYC”) Norms and Anti-Money Laundering Measures (“Policy”) is approved by the Board of Directors of AUM Securities Private Limited (ASPL) in compliance with the Master Directions issued by the Reserve Bank of India (RBI) on KYC dated February 25, 2016 (as amended from time to time) (“Master Directions”).
The Company shall adopt all best practices prescribed by the RBI from time to time and make necessary modifications to this policy to align with the prescribed standards. This Policy applies across all branches, business segments, and financial subsidiaries of the Company and is to be read alongside related operational guidelines issued periodically. The Policy shall automatically incorporate any changes or modifications advised by the RBI from time to time.
ASPL is committed to establishing a robust framework for KYC and Anti-Money Laundering measures to ensure transparency and fairness in dealing with stakeholders and to comply with applicable laws and regulations. The Company ensures that:
a. Information collected from customers is kept confidential and is not used for cross-selling or other purposes without the customer's consent.
b. Information sought from customers is relevant to the risk profile, non-intrusive, and aligned with RBI guidelines.
c. Additional information from customers is obtained separately, only with their consent, and after providing effective services.
The Company will communicate its KYC norms to its customers and ensure that the responsibility of implementing KYC norms lies with the entire organization.
The Board of Directors and management are tasked with ensuring the effective implementation of KYC norms and aligning the Company’s operations with initiatives to prevent money laundering activities.
2. KEY DEFINITIONS
a. Customer
For the purpose of this Policy, a “Customer” means any individual or entity engaged in a financial transaction or activity with the Company, including any person on whose behalf such transaction or activity is being conducted.
b. Beneficial Owner (“BO”)
A “Beneficial Owner” in relation to a customer is defined as the individual or entity considered to be the ultimate beneficiary of a financial transaction conducted with the Company. The following categories outline who qualifies as a Beneficial Owner:
a. Type of Customer and Beneficial Owners (BOs)
The identification of Beneficial Owners (BOs) depends on the type of customer as follows:
Type of Customer | Criteria for Beneficial Owners (BOs)
Public/Private Limited Companies | BO is the natural person(s) who, acting alone or together, or through one or more juridical persons, has/have:
1. Controlling Ownership Interest: Ownership of/entitlement to more than 25% of shares, capital, or profits.
2. Control: The right to appoint the majority of directors or influence policy decisions via shareholding, management rights, agreements, or voting rights.
Partnership Firms | BO is the natural person(s) with ownership of/entitlement to more than 15% of the capital or profits.
Unincorporated Associations/Bodies | BO is the natural person(s) with ownership of/entitlement to more than 15% of the property, capital, or profits.
If no such natural person is identifiable, the BO is the relevant senior managing official.
Trust/Foundation | BO includes:
a) The author of the trust.
b) The trustees.
c) Beneficiaries with 15% or more interest.
d) Natural persons exercising ultimate control through a chain of ownership or control.
For listed companies or their subsidiaries, identifying individual BOs is not required.
b. Officially Valid Documents (OVDs)
“Officially Valid Documents” include:
1. Passport
2. Driving License
3. Voter’s Identity Card (Election Commission of India)
4. NREGA Job Card
5. Aadhaar Card (or E-Aadhaar)
6. Any other document specified by the Government/Regulator
A document remains valid even if a name change occurs post-issuance, provided it is supported by a marriage certificate or gazette notification.
c. Customer Due Diligence (CDD)
CDD refers to the process of identifying and verifying the customer and BO using OVDs as proof of identity and address in alignment with RBI’s KYC and AML guidelines.
d. Central KYC Records Registry (CKYCR)
CKYCR is the digital repository responsible for storing, safeguarding, and retrieving the KYC records of a customer.
e. Suspicious Transactions
A “Suspicious Transaction” refers to any transaction or attempted transaction that:
* Suggests proceeds from an offense specified in the Act’s Schedule, regardless of the value involved.
* Appears complex, unjustified, or lacks economic rationale or a bona fide purpose.
* Indicates potential financing of terrorism-related activities.
3. OBJECTIVE
The objective of this Policy is to ensure that AUM Securities Private Limited (ASPL) is not misused for money laundering or terrorism financing activities. By implementing robust KYC procedures, the Company aims to:
* Understand its customers better.
* Mitigate financial and reputational risks.
* Comply with regulatory requirements.
The Policy focuses on four core elements:
1. Customer Identification Procedures.
2. Customer Acceptance Policy.
3. Risk Management.
4. Monitoring of Transactions.
4. CUSTOMER IDENTIFICATION PROCEDURE (CIP)
Definition and Process:
Customer identification involves verifying a customer’s identity using reliable, independent source documents, data, or information. The Company must gather adequate information to:
* Confirm the identity of each new customer, whether regular or occasional.
* Establish the purpose and nature of the business relationship.
For Natural Persons:
* Obtain sufficient identification data to verify identity, address, and recent photographs when necessary.
For Legal Persons or Entities:
1. Verify the legal status of the entity using relevant documents.
2. Verify the authority and identity of individuals acting on behalf of the entity.
3. Understand the ownership structure to identify natural persons who ultimately control the entity.
The Company must also identify and verify the Beneficial Owners (BOs) to ensure transparency regarding control and ownership.
Third-Party Reliance for CDD:
The Company may rely on third-party CDD for account-based relationships if:
* The third party provides CDD information within two days or via the Central KYC Records Registry.
* The third party is regulated, supervised, and complies with CDD and record-keeping requirements as per the Prevention of Money Laundering Act, 2002.
* The third party is not located in high-risk jurisdictions.
* The ultimate responsibility for CDD remains with the Company.
Specific Account Types:
1. Trust/Nominee or Fiduciary Accounts:
* The Company must ensure the customer is not acting on behalf of others to bypass identification procedures.
* For trust accounts, verify the identities of trustees, settlors, protectors, beneficiaries, and signatories. For foundations, ensure founders, managers, directors, and defined beneficiaries are identified.
2. Accounts of Companies and Firms:
Assess the control structure, identify natural persons with controlling interests, and trace the source of funds. Public companies may have moderated requirements.
3. Client Accounts Opened by Professional Intermediaries:
* For single-client accounts, identify the specific client.
* For pooled accounts, identify all beneficial owners. Intermediaries must be regulated and comply with KYC standards.
4. Politically Exposed Persons (PEPs):
* PEPs are individuals with prominent public functions outside India (e.g., heads of state, senior officials).
* Verify their identity, source of funds, and public information.
* Opening PEP accounts requires senior-level approval and enhanced ongoing monitoring.
* The same norms apply to family members or close associates of PEPs.
5. Non-Face-to-Face Customers:
Apply standard identification procedures with additional safeguards, such as:
1. Document certification.
2. Requiring initial payments from accounts held at KYC-compliant banks.
3. Enhanced due diligence for cross-border customers.
5. Customer Acceptance Policy (CAP)
The guidelines for the Company’s Customer Acceptance Policy (CAP) are as follows:
a. No account shall be opened in anonymous or fictitious/benami names.
b. Accounts shall not be opened where the Company is unable to apply appropriate Customer Due Diligence ("CDD") measures, due to customer non-cooperation or the unreliability of provided documents/information.
c. No transaction or account-based relationship shall be undertaken without following the CDD procedure.
d. Mandatory information required for KYC purposes at the time of account opening and periodic updates shall be specified.
e. Additional (optional) information shall be collected with the explicit consent of the customer after the account is opened.
f. The Company shall apply the CDD procedure at the Unique Customer Identification Code ("UCIC") level. Hence, if an existing KYC-compliant customer of the Company or any other entity within the Group wishes to open another account, there shall be no need for a fresh CDD exercise.
g. The CDD procedure shall be followed for all joint account holders at the time of opening a joint account.
h. Circumstances under which a customer is permitted to act on behalf of another person/entity shall be clearly defined.
i. Appropriate checks shall be conducted to ensure that the customer’s identity does not match any individual or entity listed on the sanction list circulated by the Reserve Bank of India.
j. The Company shall not open or continue accounts where it is unable to apply appropriate customer due diligence measures due to non-cooperation or unreliable data. Any decision to close an account must be made at a senior level, with proper notice and explanation provided to the customer.
k. The conditions under which a customer may act on behalf of another person/entity shall be defined in accordance with banking laws and practices. This includes situations where an account is operated by a mandate holder or opened by an intermediary acting in a fiduciary capacity. Checks shall be conducted to ensure the identity of such customers does not match any individuals with known criminal backgrounds or ties to banned entities (e.g., terrorists or terrorist organizations).
l. The customer profile shall remain confidential, and its details shall not be used for cross-selling or any other unauthorized purposes.
m. The Company shall create a profile for each new customer, capturing details such as identity, social/financial status, business activity, and the customer’s clients’ information. This profile shall be prepared based on the risk categorization, as specified in this policy, and only relevant information will be collected. Other non-intrusive information will be sought with the customer's explicit consent, after account opening.
The Company shall ensure that the Customer Acceptance Policy does not result in the denial of financial facilities to genuine customers, especially those from disadvantaged backgrounds, without proper grounds.
The Company shall not allow professional intermediaries (e.g., lawyers, chartered accountants) to open accounts on behalf of clients if they are unable to disclose the true identity of the account holder due to professional confidentiality obligations. Furthermore, any intermediary whose obligation prevents the Company from knowing or verifying the true identity of the client or the beneficial owner, or understanding the true nature of the transactions, will not be allowed to open accounts on behalf of clients.
6. Risk Management
The Company shall classify customers into various risk categories and determine the acceptance criteria for each category. Risk categorization will be based on the following:
a. Customers will be classified as low, medium, or high-risk, based on an assessment of their identity, social/financial status, business activity, and the nature of their transactions.
b. For risk categorization, the following parameters will be considered:
The ability to confirm identity documents through online verification services, where applicable.
i. High-Risk Category:
High-risk customers typically include:
* Non-resident customers
* High-net-worth individuals without a documented occupation history of more than 3 years
* Trusts, charitable organizations, NGOs, and those receiving donations
* Companies with closely-held family ownership
* Firms with sleeping partners
* Politically Exposed Persons (PEPs), both domestic and foreign
* Individuals with a dubious reputation or known involvement in illegal activities
* Clients with poor credit histories or a history of cheque returns
ii. Medium-Risk Category:
Medium-risk customers include:
* Salaried individuals with variable income
* Self-employed professionals with a sound business track record
* New clients (within 3 months) in the broking industry
* Individuals with a slightly below-average credit score
iii. Low-Risk Category:
Low-risk customers typically include:
* Salaried employees with stable and well-defined salary structures
* Individuals working with government entities, regulators, or reputable private sector organizations
* Clients from economically disadvantaged backgrounds with low account turnover
* Individuals from Public Sector Units or reputable multinational companies
* Customers with a good credit score
In cases where an existing customer or beneficial owner becomes a PEP, senior management approval is required to continue the business relationship, along with enhanced monitoring.
7. Periodic Updation:
* Full KYC will be updated at least every two years for high-risk individuals and entities.
* Full KYC will be updated at least every ten years for low-risk customers and every eight years for medium-risk customers, considering previous customer due diligence efforts.
* Physical presence will not be required for periodic updates.
* Fresh photographs will be collected for minor customers upon reaching the age of majority.
Certified proof of identity and address will be obtained at the time of periodic update, especially from individuals not eligible for Aadhaar.
7. Monitoring of Transactions
Ongoing monitoring is a vital part of effective KYC procedures. The Company shall ensure it has a clear understanding of each customer's regular activity to identify any unusual or suspicious transactions. Special attention will be given to transactions that are unusually large, complex, or lack an apparent lawful purpose.
Transactions exceeding predefined threshold limits will be given extra scrutiny. The Company will conduct periodic reviews of customer risk categorization at least every six months.
8. Record Management
The Company shall retain transaction records for at least five years, in compliance with the Prevention of Money Laundering Act (PMLA), 2002. These records will include:
* Transaction details: nature, amount, currency, date, and parties involved
* Customer identification records and documents
Suspicious transactions shall be reported to the relevant law enforcement authorities.
9. Internal Control Systems
The Company will implement an independent evaluation of its compliance with KYC/AML policies. Additionally, internal audits will be conducted to ensure adherence to procedures, with findings presented to the Board or Audit Committee.
10. Hiring and Training of Employees
The Company shall screen employees during recruitment to ensure that criminal activity is prevented. An ongoing training program will be conducted to ensure that all staff members understand KYC procedures, AML standards, and the importance of customer due diligence.
11. Maintenance of Records of Transactions
The Company shall maintain accurate and accessible records of customer accounts and transactions, as outlined in the PMLA, 2002. This includes preserving records of transactions for at least five years and ensuring these records are readily available for regulatory authorities.
12. Reporting to Financial Intelligence Unit-India (FIU-IND)
As required by the PMLA, 2002, the Company will report suspicious and cash transactions to FIU-IND. The Company will ensure no operational restrictions are placed on accounts where a Suspicious Transaction Report (STR) has been filed and that there is no tipping off to the customer. These cash transactions also include instances where there has been forgery involving valuable securities or documents, which may be reported to FIU-IND in plain text format.
The Company will pay particular attention to complex, unusual, or large transactions, as well as any patterns that appear unusual and lack an apparent economic or lawful purpose. It is emphasized that the background, including all relevant documents, office records, and memorandums related to such transactions and their intended purpose, should be thoroughly examined where possible. Findings at both the branch level and by the Principal Officer must be properly documented. These records are to be retained for five years, in accordance with the amended PMLA Act, 2002. Such records and associated documents will be available for scrutiny by auditors and relevant authorities, including the Reserve Bank.
In cases where transactions are abandoned or aborted by customers upon being asked to provide further information or documents, the Company will file Suspicious Transaction Reports (STRs) for these attempted transactions, regardless of whether the transactions were completed or not, and irrespective of the transaction amount.
The Company will also file STRs when there are reasonable grounds to suspect that a transaction involves proceeds of crime, regardless of the transaction's amount or the threshold limits set for predicate offenses under Part B of the PMLA, 2002 Schedule.
13. COMBATING FINANCING OF TERRORISM (“CFT”)
In accordance with PMLA Rules, suspicious transactions include those that raise reasonable suspicion of financing activities related to terrorism. The Company shall therefore establish a robust system to monitor accounts potentially linked to terrorism, enabling swift identification of such transactions and prompt reporting to the Financial Intelligence Unit – India (FIU-IND).
When the Reserve Bank circulates a list of individuals and entities approved by the United Nations' Security Council Committee, pursuant to various Security Council Resolutions (UNSCRs), the Company shall promptly update its consolidated list based on the information provided by the RBI. Before opening any new account, the Company must ensure that the proposed customer’s name does not appear on this list. Additionally, the Company shall conduct a thorough scan of all existing accounts to ensure no account is held by or connected to any individuals or entities on the list. Any matching accounts must be reported immediately to the RBI and FIU-IND. KYC norms, AML standards, and CFT procedures are in place to prevent the misuse of financial systems by criminals. The Company will implement adequate screening measures as part of the recruitment and hiring process for employees.
The Company shall also be vigilant about the risks arising from the deficiencies in the AML/CFT regimes of certain countries such as Iran, Angola, the Democratic People’s Republic of Korea (DPRK), Ecuador, Ethiopia, Pakistan, Turkmenistan, and Sao Tome and Principe, as well as any additional countries listed by the RBI.
To promote awareness of KYC/AML measures and generate alerts for suspicious activities, the Company will refer to the indicative list of suspicious activities in Annexure II.
14. GENERAL CUSTOMER EDUCATION
KYC procedures may require the Company to request personal information that customers may have never been asked for before, which could lead to inquiries about the purpose of collecting such data. The Company will educate customers on the objectives of the KYC program, and front desk staff will receive special training to handle such situations effectively.
ACCOUNTS OF POLITICALLY EXPOSED PERSONS (PEPs):
Customer Due Diligence (CDD) measures will apply to Politically Exposed Persons (PEPs) and their close family members or associates. If an existing customer or beneficial owner becomes a PEP, the Company will obtain senior management approval to continue the business relationship and apply the necessary CDD measures, including enhanced ongoing monitoring.
APPLICABILITY TO BRANCHES AND SUBSIDIARIES OUTSIDE INDIA:
KYC/AML guidelines issued by the Reserve Bank of India apply to the Company's branches and majority-owned subsidiaries outside India, especially in countries that inadequately apply FATF Recommendations, as long as local laws permit. If there is a discrepancy between the KYC/AML standards of the Reserve Bank and local regulations, the stricter guidelines will be adopted.
KYC FOR EXISTING ACCOUNTS:
KYC guidelines will apply to new customers, and to existing customers on the basis of materiality and risk. Existing customer transactions will be continuously monitored for any unusual patterns.
APPOINTMENT OF COMPLIANCE OFFICER/PRINCIPAL OFFICER/DESIGNATED DIRECTOR:
A senior management officer, designated as Compliance/Principal Officer, will oversee the monitoring and reporting of all transactions, ensuring compliance with the law. The Officer will liaise with enforcement agencies, banks, and institutions involved in combating money laundering and terrorism financing. As per the Prevention of Money Laundering (Amendment) Act, 2012, the Company will designate a "Designated Director" to ensure overall compliance with PMLA obligations.
UPDATING THE KYC POLICY:
Upon receiving approval from the Board of Directors, the Company will amend its KYC/AML/CFT Policy or other related guidelines to align with updates or amendments from the RBI or other relevant authorities.
SUSPICION OF MONEY LAUNDERING/TERRORIST FINANCING:
To prevent misuse by criminal elements, ASPL will conduct full-scale customer due diligence (CDD) before opening an account if there is suspicion of money laundering or terrorist financing, or if other factors suggest the customer poses a higher risk.
FILING OF SUSPICIOUS TRANSACTION REPORT (STR):
If ASPL cannot apply appropriate CDD measures when opening or maintaining an account, it will consider not opening the account or closing an existing one. If ASPL no longer believes it knows the true identity of an account holder, it will file an STR with FIU-IND. A list of indicative suspicious activities can be found in Annexure II.
15. REVIEW/REVISION OF POLICY:
In case of a conflict between the Policy and any regulations, guidelines, or directives issued by relevant authorities, the interpretation of the regulatory provisions will prevail. If any amendments or clarifications to the regulations arise, the Policy will be updated accordingly. The Board reserves the right to alter, modify, add, delete, or amend any provisions of the Policy.
ANNEXURE - I: Customer Identification Procedure (CIP)
A detailed list of documents required for verifying customer identities is provided below.
KYC CHECKLIST
The documents required for verifying identity, address, and other details for customers, including individuals and entities, are specified under the respective categories.
ANNEXURE – II: Indicative List of Suspicious Activities
The following activities may raise suspicion:
* Large cash transactions inconsistent with normal commercial operations.
* Transactions that lack economic sense.
* Immediate withdrawals of funds after deposit without plausible business justification.
* Unusual activity in accounts with large volumes of credits not aligned with the nature of business.
* Attempts to circumvent reporting/record-keeping requirements, including reluctance to provide information for mandatory reports.
* Funds originating from countries known for money laundering.
* Customers who provide insufficient or suspicious information.
* Employees engaging in suspicious activities, such as a lavish lifestyle unsupported by their salary.