This Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) Policy (“KYC/AML Policy”) details the KYC and AML requirements, which the User needs to adhere to access and avail Bitcipher Services as made available on the CoinSwitch Platform.
You accept and understand that this KYC/AML Policy forms a legal and binding agreement between You and the LLP.
You hereby expressly consent to LLP’s continuous monitoring and collecting of information and data of Your activities while availing Bitcipher Services for the purpose of this KYC/AML Policy.
1.1 “Applicable Law” shall mean any applicable statute, law, regulation, ordinance, rule, judgment, order, decree, by-law, approval from the concerned authority, government resolution, order, directive, guideline, policy, requirement, or other governmental restriction in force in India, including without limitation the Prevention of Money Laundering Act 2002 (“PMLA”), the Prevention of Money Laundering (Maintenance of Records) Rules 2005 (“PML Rules”), and various applicable guidelines, rules and regulations of the Computer Emergency Response Team, India, and the Reserve Bank of India or its constituents/payment system providers as applicable, replaced and updated from time to time.
1.2 “Customer Due Diligence (CDD)” means identifying the customer and verifying their identity by using a reliable, independent source of documents, data, or information.
1.3 “Officially Valid Document/OVD” means the passport, the driving license, proof of possession of an Aadhaar Number, or the voter’s identity card issued by the Election Commission of India For the purpose of this definition, ‘Aadhaar Number’ means an identification number as defined under the Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016.
1.4 “Person” means an individual who is above eighteen (18) years of age and an Indian citizen-resident.
1.5 “Politically Exposed Person” (PEP) is a person who is authorized to perform prominent public functions in a country and includes governors of the state, members of Parliament, military officers, senior government and judicial executives, and heads of local bodies such as municipal corporations, among others. You could also qualify as a PEP if You are a family member or a close relative of such an individual.
1.6 “Suspicious Transaction” means a transaction, including an attempted transaction while availing Bitcipher Services, whether or not made using fiat currency, which under LLP’s sole discretion:
2. KYC Norms
2.1 KYC is the key principle for the identification of any individual opening and operating a User’s Bitcipher Account. KYC means to ‘Know Your Customer’ which is an effective way for an institution to confirm and thereby verify the authenticity of a customer.
2.2 The customer identification should entail verification on the basis of documents and information provided by the customer. The objectives of KYC are as under:
3. Declarations and Obligations
3.1 Declarations and Disclosure of Information by the LLP
3.1.1 LLP will identify and verify User’s identity at the time the User opts to trade using Bitcipher Services or apply to be a Customer. To this effect, LLPshall collect, and You, as the User shall provide, such documents and data, as requested by LLPfrom time to time, to establish and verify the identity of the User / for KYC purposes / to establish and verify the nature of any Suspicious Transaction undertaken while availing Bitcipher Services. All data provided by You for KYC, and customer identification purposes or information on the Suspicious Transaction, shall be true, correct, and up-to-date. LLPmay also use/deploy various software and/or technology or other means, either directly or through its service providers/vendors to establish and verify Your identity and/or the documents/information provided by You. You hereby consent to any such identity verification and KYC checks.
3.1.3 LLPshall endeavor to verify, either itself or through third-party vendors/service providers, the identity and address of the Users along with the other details and documents submitted by You as may be legally/operationally tenable, including but not limited to using the following methods:
a. PAN/e-PAN verification through government sources; or
b. Masked/Offline Aadhar/Proof of Possession of Aadhar under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016; or
c. Passport issued under the Passports Act, 1967; or
d. Verification of Voter ID card issued by the Election Commission of India; or
e. Any other document may be required by the LLP from time to time.
You as the User, hereby agree to provide the required documents and information for KYC checks in a timely manner, to create and to continue using the User’s Bitcipher Account through which the You may give instructions on the LLP.
3.1.4 Your failure as a User, to provide the requisite KYC documents or any identification documents or information as requested by LLP, may hinder or completely restrict Your use of the Bitcipher Services and the related services to the User.
3.1.5 You acknowledge and agree that the foregoing list of documentation, verification, and information may be amended by LLP by way of a notification/intimation, in its sole discretion from time to time, without prior notice.
3.1.6 LLPreserves the right to examine or request additional information and documents to establish Your identity, and financial position, including sources of Your funds and/or details of the Crypto wallet to which You transferred / from where You received any Crypto, and You shall provide all assistance and cooperation in this regard. If You fail/refuse to comply with the requirements herein, LLPshall not allow You to create or operate the User’s Bitcipher Account or carry out Crypto transactions through Bitcipher Services.
3.1.7 You agree to provide such additional documents as may be required by LLP, to ensure compliance with any Applicable Laws or LLP’s policies or a request from any law enforcement authorities immediately, upon receipt of a written request from LLP.
3.1.8 You further represent, warrant, and agree to provide true, correct, and complete KYC documents, information, and data to LLP/ its delegates/agents/representatives.
3.1.9 Where any transaction or series of transactions undertaken by You are considered as Suspicious Transaction(s) at the sole discretion of LLPor LLPreasonably perceives that it is likely to involve proceeds of crime or be used towards any illegal activity, or in an event, if LLP receives requests/requisitions from any banking partner/ payment system provider or participant/ statutory/ regulatory/ supervisory/ law enforcement authority/enforcement authority (“Authorities”), LLPshall report all such Suspicious Transaction(s) to the Authorities, as well as use, retain and share Your personal data, documents, and information available with LLPwith the Authorities, and block and freeze Your access to Your User’s Bitcipher Account, and may also increase the future monitoring of such User’s Bitcipher Account. You as the User, hereby undertake and warrant to provide all assistance, support, and cooperation in this regard including additional documents to verify the identity or the details of the transaction.
3.1.10 LLP does not allow the opening of or keeping any anonymous User Bitcipher Accounts or creating any accounts under fictitious names or on behalf of other persons whose identity has not been disclosed, or cannot be verified, or more than one (1) account for a person.
3.2 Your Obligations
3.2.1 You agree to use the Bitcipher Services only for lawful and legal purposes as per this KYC/AML Policy, as amended from time to time, and the Applicable Laws.
3.2.2 You shall not use the Bitcipher Services for any illegal or unlawful or criminal or anti-national purposes or for financing any such activity under any circumstance whatsoever.
3.2.3 You shall not impersonate another person or misrepresent Yourself on the LLP under any circumstance whatsoever.
3.2.4 You undertake and warrant not to indulge in any Benami transactions or any transactions that are in violation of any Applicable Laws, this Policy or any other policy or instruction as issued by LLPfrom time to time.
4. Customer Acceptance Policy (CAP)
4.1 Account Opening Procedures
4.1.1 Any Indian national resident can open a User’s Bitcipher Account with LLPand such User’s Bitcipher Account can only be accessed within the geographical territory and jurisdiction of India.
4.1.2 The User has to provide the following before his/ her User’s Bitcipher Account can be made operational:
a. Permanent Account Number (PAN) given by Income Tax Authorities,
b. Documents for identification and proof of residence (Aadhaar/Voter ID/Passport),
c. Live selfie from the camera.
Please note that post the account opening process, the User would be required to add and verify their bank account/UPI ID for making INR deposits/withdrawals.
4.1.3 The above documents/data would help to establish the identity of the person opening the account but would not be sufficient to prepare a profile of expected activities in the User’s Bitcipher Account. Towards this, the following additional details may need to be collected while opening the User’s Bitcipher Account:
a. Annual income,
c. If Politically Exposed Person (PEP),
d. Trading experience, and
e. Marital status.
4.1.4 The User’s User’s Bitcipher Account will only be made operational for the User to avail of our services when such documents, information as mentioned above, or any other additional information as requested by LLPhas been verified as per the satisfaction of LLP.
4.2 LLP shall maintain an audit trail of any upload/modification/download.
4.3 Safeguard measures taken by the LLP
4.3.1 Before registering a User’s Bitcipher Account, We on a reasonable efforts basis ensure that:
a. Users are not accessing the Bitcipher Services under an anonymous or fictitious/benami name.
b. No User’s Bitcipher Account is made operational and the User is not allowed to avail our services in an event if we are unable to apply appropriate CDD measures, i.e. verify the User identity and/or obtain documents required or non-reliability of the documents/information furnished to LLP, either due to non-cooperation of the User or non-reliability of the documents/information furnished by the customer.
c. No account is opened or trades are executed without following CDD procedure.
d. The User’s identity does not match with any person with a known criminal background or having any association/ relationship with banned entities/ persons such as individual terrorists or terrorist organizations etc.
4.3.2 Users are not permitted to act on behalf of another User and can only transact through his/ her own User’s Bitcipher Account, with their own funds, and for their own benefit. Users are not permitted to open any of the following:
a. an anonymous account;
b. an account under a fictitious name; or
c. an account on behalf of other persons whose identity is undisclosed or unverifiable.
4.3.3 LLPat its sole discretion may review the User’s User’s Bitcipher Account and transactions for any Suspicious Transactions or in an event if LLPreceives a request for the same from Authorities and based on LLP’s judgment or instruction from Authorities such User’s Bitcipher Account may be suspended, frozen, blocked, disabled, or terminated.
4.3.4 LLP may, in its sole discretion, refuse to open any new accounts, suspend or terminate existing User Bitcipher Account after giving due notice, or refuse to process any transactions if it is unable to ensure compliance with any of the aforementioned conditions, either due to non-cooperation by the User or due to the details provided by the User being found enlisted on any Sanctions Lists or unreliable or unverifiable to LLP’s satisfaction.
4.3.5 Requirements/obligations under international agreements & Communication from international agencies: LLPshall reasonably ensure that it does not have any account in the name of individuals appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council (UNSC), other watchlists and sanctions lists.
5. Customer Identification Procedure (CIP)
One of the objectives of the KYC and data/information collection norms being carried out by LLPis to ensure appropriate Customer Identification. Customer Identification means undertaking the process of CDD. LLPmay need to obtain sufficient information necessary to establish, to its satisfaction, the identity of each User, whether regular or occasional and the purpose of the intended nature of the transaction being executed while availing Bitcipher Services.
Customer Identification Procedure is carried out at different stages while the Bitcipher Services is accessed by the User and is not limited to instances when:
a. Registering a User’s Bitcipher Account,
b. Periodic review of a User’s Bitcipher Account,
c. Any transaction is being executed by the User, and/or
d. The LLP has a doubt about the authenticity/veracity or the adequacy of the earlier obtained User Identification data.
5.1 User identification
Identification of a User is an important prerequisite for registering and opening a User’s Bitcipher Account. No User’s Bitcipher Account is allowed unless verification and due diligence of said User is successfully completed by LLP.
5.1.1 What is Identity?
Identity generally means a set of attributes that together uniquely identify a ‘natural’ or a ‘legal’ person. The attributes which help in the unique identity of a ‘natural’ or ‘legal’ person are called identifiers. Identifiers are of two types: a.) Primary and b.) Secondary.
a. Primary Identifiers: Means and includes the name (in full), Date of Birth, PAN number, and Passport number/Voter Identity Card/Driving License as they help in uniquely establishing the identity of the person.
b. Secondary Identifiers: Includes address, location, Nationality, and other such identification, as they help further refine the identity. User identification does not start and end at the point of application but it is always an ongoing exercise..
5.1.2 What is Identification?
Identification is the act of establishing who a person is:
a. In the context of KYC, identification means establishing who a person purports to be.
b. This is done by recording the information provided by the User covering the elements of his identity (i.e. name, and the address at which they can be located).
c. For undertaking CDD, the following shall be obtained from an individual while establishing a relationship. The features to be verified and the documents to be obtained for establishing the identity of a person are as under:
(i) Permanent Account Number (PAN) or the equivalent e-PAN, and
(ii)Certified copy of an Officially Valid Document (OVD) or the equivalent e-document thereof containing the details of identity and address. “Officially Valid Document” (OVD) means i) the Passport, ii) Aadhaar card, iii) the Voter’s Identity Card, iv) or any other document as required by LLPfrom time to time and in its sole discretion.
5.1.3 What is Verification?
Verification of identity is the process of proving whether a person actually is who they claim to be. In the context of KYC, verification is the process of seeking satisfactory evidence of the identity of those with whom LLPdoes business. This is done by carrying out checks on the correctness of the information provided by the customer.
5.1.4 Process of video-KYC
In scenarios where the document provided by a User has some issues and cannot be validated using the automated solutions LLPhas in place, a video-KYC might be required from the User to validate the identity and authenticity of the document/ information submitted by them. We would also use the video-KYC process while performing enhanced due diligence wherever required.
5.1.5 Periodic updation of KYC
Periodic updation of KYC of Users is performed at such intervals of time and using such processes/documents as decided by LLPat its sole discretion. A risk-based approach for periodic updation of KYC is to be adopted:
a. No change in KYC information: In case of no change in the KYC information, a self-declaration from the User in this regard shall be obtained through User’s email id and mobile number registered with LLP.
b. Change in address: In case of a change only in the address details of the User, a self-declaration of the new address may be obtained from the User through the User’s email id and mobile number registered with LLPalong with valid proof to be submitted by the User for the change in such address.
c. Change in contact information like a phone number or email address: In case of a change in the contact details of the User, the User can reach out to LLPto get the details updated, along with valid proof of change and demonstrating ownership of the User’s Bitcipher Account for which the details are to be updated.
5.2 Types of CDD
There are 2 types of Customer Due Diligence (CDD) that can be used in accordance with the risk category of the customer.
5.2.1 Basic Due Diligence means the collection and verification of identity proof, address proof, and a photograph to establish the identity of the User. This is done on the basis of the documents and information submitted by the User.
5.2.1 Enhanced Due Diligence (EDD) means additional diligence measures undertaken over and above the Basic Due Diligence. Steps under EDD shall include but will not be limited to checking if a User falls under the category of Politically Exposed Persons (PEPs), or is associated with any terrorist activities/groups, monitoring the account activity of such users, etc.
LLPshall conduct Basic Due Diligence, EDD, or any other due diligence activity or measures which under its sole discretion and/ or under Applicable Laws is required for a User registering or using the Bitcipher Services.
6. Anti-Money Laundering Standards
In terms of the provisions of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, as amended from time to time, Regulated Entities (REs) are required to follow certain customer identification procedures while registration with the LLP and undertaking a transaction either by establishing an account-based relationship or otherwise and monitor their transactions. Although LLPis not an RE, however LLPhas voluntarily taken steps to adopt the KYC/AML/CFT processes under the aforementioned Act and Rules.
LLPis vigilant in the fight against money laundering and under its best judgment implements processes not allowing any person to use the Bitcipher Services for money laundering and terrorist financing activities.
6.1 Steps taken to prevent Money-Laundering activities and Terrorist Financing
LLP has implemented certain steps with an objective to prevent any money laundering activity and/or terrorist financing while availing Bitcipher Services. Such processes being implemented are exhaustive in nature and are subject to change as required under any Applicable Law and/or as per LLP’s sole discretion.
7. Monitoring of Transactions – On-going Due Diligence
7.1 Monitoring and supervision of the User’s Bitcipher Account in the event of any suspicious activity is detected is essential.
7.2 As part of the ongoing due diligence process, LLPshall monitor User’s Bitcipher Account activities undertaken by a User through the LLP to reasonably ensure that they are consistent with their knowledge of the User, its risk profile, and where necessary, the source of funds.
7.3 When there are suspicions of money laundering or financing of activities relating to terrorism or where there are doubts about the adequacy or veracity of previously obtained User identification data, LLPmay review the due diligence measures including reverifying Your identity, and may request additional information. You, the User hereby confirm that You shall provide all such information, as and when requested by LLP.
7.4 Monitoring customer activity and transactions throughout the relationship helps us to know their customers, assess risk, and provide assurance that LLPis not being used for the purposes of financial crime. However, the extent of monitoring shall be aligned with the risk category of the customer. High-risk accounts have to be subjected to more intensified monitoring.
7.5 Without prejudice to the generality of factors that call for close monitoring following types of transactions shall necessarily be monitored, whereas on basis of monitoring activities conducted by LLPas described under this Policy, any User’s Bitcipher Account may be frozen or suspended / User access might be blocked or terminated as decided by LLPunder its sole discretion:
a. Very high account turnover inconsistent with the size of the balance maintained.
b. Special attention should be paid to the complex, unusually large transactions and all unusual patterns, inconsistent with the normal and expected activity of the User, which have no apparent economic rationale or lawful purpose.
7.6 LLPmay enable alerts when the transactions are inconsistent with risk categorisation and the updated profile of the customers shall be put into use as a part of effective identification and reporting of suspicious transactions.
8. Contact & Compliance Officer
8.1 LLP has appointed a ‘Principal / Compliance Officer’ to ensure overall compliance with the obligations imposed herein and under any Applicable Laws. At present, our Compliance Officer is Mr. Ashwini Kumar Sharma, Head of Compliance who can be reached at email@example.com.
8.2 In case of any complaint or queries with respect to this Policy or to report any suspicious or illegal activity of a User within Your knowledge, You may write to us at firstname.lastname@example.org.
9. Risk Management by Periodic Review
9.1 Identification of a customer is an important prerequisite for opening an account. Non-adherence to this may lead to risks e.g. frauds, money laundering, inadvertent overdrafts, and Benami/fictitious accounts.
9.2 Non-compliance of monitoring of the transactions exceeding the threshold limit and non-recording of the transactions may result in intentional splitting/structuring of transactions to evade taxes, money laundering, and financing of terrorist activities.
9.3 LLP may carry out ‘Money Laundering (ML) and Terrorist Financing (‘TF’) Risk Assessment’ periodically to identify, assess and take effective measures to mitigate money laundering and terrorist financing risk for Users, countries or geographic areas, and products, services, transactions, or delivery channels that is consistent with any national risk assessment conducted by a body or authority duly notified by the Central Government.
9.4 LLP, as a best industry practice and under its sole discretion categorizes the Users under low, medium, and high-risk categories, based on the assessment and risk perception. LLPshould prepare the profile of the customer which should contain information relating to the customer’s identity, social/financial status, nature of the business activity, and risk categorisation shall be undertaken based on these parameters.
9.5 All User Accounts should be periodically updated based on their risk category. Unless otherwise required under this Policy or under Applicable Law or for complying with any request of Authorities, at present, the periodicity of such updation should not be less than once in five (5) years in the case of low-risk category customers, and not less than once in two (2) years in case of high and medium risk categories. LLP reserves the right to change the above periodicity at any time and from time to time in its sole discretion.
9.7 LLP may take a view on risk categorisation of each customer into low, medium, and high-risk categories depending on their experience, expertise in profiling of the customer based on their understanding, judgment, assessment, and risk perception of the customer and not merely based on any group or class they belong to.
9.8 The risk assessment carried out by LLPshall:
a. be reasonably documented;
b. consider all the relevant risk factors before determining the level of overall risk and the appropriate level and type of mitigation to be applied;
c. be kept up to date; and
d. be available to competent authorities and self-regulating bodies/Authorities, if and as required under Applicable Laws.
9.9 Periodic updation of KYC
Periodic updation of KYC of Users is performed at such intervals of time and using such processes/documents as decided by LLPat its sole discretion. A risk-based approach for periodic updation of KYC is to be adopted based on the periodicity described earlier.
a. No change in KYC information: In case of no change in the KYC information, a self-declaration from the User in this regard shall be obtained through User’s email id and mobile number registered with LLP.
b. Change in address: In case of a change only in the address details of the User, a self-declaration of the new address shall be obtained from the User through the User’s email id and mobile number registered with LLPalong with valid proof to be submitted by the User for the change in such address.
c. Change in contact information like a phone number or email address: In case of a change in the contact details of the User, the User can reach out to LLPto get the details updated, along with valid proof of change.
d. Change in any other information: In case of any change in the information provided at the time of onboarding or periodic updates, the User should reach out to LLPto get the details updated, along with valid proof of change at email@example.com
10. Internal Controls
10.1 Preservation of Record / Record Management
10.1.1 LLP shall reasonably ensure that all information received for the purpose of identification or due diligence is used by it in accordance with LLP’s terms and conditions applicable. LLP shall also take necessary reasonable steps for maintenance, preservation, and reporting of User information per the internal policies and standard operating procedures of LLP.
10.1.2 In addition, the confidentiality, security, and protection against access, use, and disclosure (including publication or display) of all information of a User, collected or created by LLP shall be kept in accordance with Applicable Law.
10.1.3 LLP shall collect and maintain records, in the form of books or stored in a computer, of Your identity proof along with all documents and information provided by You and of all the transactions undertaken by You while availing the Bitcipher Services, as required under the Applicable Laws/good industry practices.
10.1.4 LLP shall maintain and report to Authorities the records of:
a. the KYC details, documents, and data of all Users who open a User’s Bitcipher Account;
b. the KYC details, documents, and data of all Users who undertake a transaction through Bitcipher Services; or
c. Your transactions through LLP.
10.2 LLP shall make available the identification records and transaction data to the authorities upon request.
10.3 If LLP:
a. suspects transactions of being involved in ML or TF, or
b. doubts the adequacy or veracity of previously obtained identification data,
necessary steps will be taken to review the due diligence measures undertaken by the LLP or the information obtained (on the purpose and intended nature of the business relationship) from the User.
10.4 Hiring of Employees
Adequate screening mechanisms as an integral part of their personnel recruitment/hiring process shall be put in place to ensure high standards and equal and fair opportunity when hiring employees.
10.5 Employee training
10.5.1 Employee training programs are put in place so that the members of concerned staff are adequately trained in KYC/AML/CFT policy. The focus of the training could be different for frontline staff, compliance staff, risk management staff, Audit staff, and staff dealing with new customers. The front desk staff is trained to handle issues arising from a lack of customer education. Proper staffing of the audit function with persons adequately trained and well-versed in KYC/AML/CFT policies, regulations, and related issues also ensure its proper implementation. e-Learning modules have been introduced for increased awareness.
10.5.2 LLPmay put in place policies and FAQs to answer any queries or questions of the Users and satisfy them while seeking information in furtherance of the Policy.
10.5.3 We have taken every effort to ensure that this Policy adheres to the applicable laws. The invalidity or un-enforceability of any part of this Policy shall not prejudice or affect the validity or enforceability of the remainder of this Policy. This Policy does not apply to any information other than the information collected by LLP.
Annex 1 – KYC-AML Standards – Dos and Don’ts