KYC/CDD/AML Policy Guidelines
Paystudio’s work in the area of payments and electronic money is aimed at ensuring that payments across the globe are secure, easy and efficient. The regulatory output in this section includes the technical standards and guidelines under the revised Payment Services Directive (PSD2); Paystudio’s Guidelines on the security of internet payments; and the Paystudio’s views on financial innovations in the payments sector, such as ‘virtual currencies’.
PayStudio facilitates e-commerce sites and merchants to accept various payment instruments from the customers for completion of their payment obligations without the need for merchants to create a separate payment integration system of their own.
PayStudio facilitates merchants to connect with acquirers. In the process, they receive payments from customers, pool and transfer them on to the merchants after a time period.
Pertaining to the guidelines issued by the Financial Action Task Force (FATF) undertaken in specific accordance with UK and EMEA Laws and regulations the “offence of money laundering” can further be understood as under :
The process where the identity of the proceeds of crime is so disguised that it gives an impression of legitimate income. Financial institutions are specifically targeted, through which they attempt to launder criminal proceeds without the firms’ knowledge or suspicion.
This KYC/AML/CFT policy / guidelines are established to prevent PayStudio from being used,intentionally or unintentionally, by criminal elements for money laundering or terrorist financing activities and mitigate possible risks of PayStudio being involved in illegal or illicit activities and to enable PayStudio to meet its legal and regulatory obligations. KYC procedures also enable PayStudio to know/ understand the customers better and manage the risks prudently and outline the offenses and penalties for failing to comply.
PayStudio falls within the scope of AML/CTF obligations, also, considers ML/TF as a serious threat to its activities, and therefore introduces and implements its Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF) Policy in accordance with the recommendations, guidelines adopted by the Indian and other jurisdictions in relation to money laundering, funding of terrorism and transparency which protect PayStudio from involvement in money laundering or terrorist financing activities (“suspicious transactions”), by:
KYC / CDD :
There shall be a Know Your Customer (KYC) policy to be duly approved comprising of:
Customer Acceptance Policy:
To the generality of the aspect that Customer Acceptance Policy may contain:
- No account is opened in anonymous or fictitious usernames.
- No account is opened where the user is unable to apply appropriate CDD measures, either due to non-cooperation of the customer or non-reliability of the documents/information furnished by the customer.
- No transaction or account-based relationship is undertaken without the CDD procedure.
- The mandatory information to be sought for KYC purpose while setting up an account and during the periodic updation, is specified.
- ‘Optional’/additional information, is obtained with the explicit consent of the customer on account of exceptions.
For Risk Management, Paytudio shall have a risk based approach which includes the following.
- Customers shall be categorised as low, medium and high risk categories, based on the assessment and risk perception of PayStudio.
- Risk categorisation shall be undertaken based on parameters such as customer’s identity, social/financial status, nature of business activity, and information about the customer’s business and their location etc. While considering the customer’s identity, the ability to confirm identity documents through online or other services offered by issuing authorities may also be factored in.
Provided that various other information collected from different categories of customers relating to the perceived risk, is non-intrusive and the same is specified in the KYC policy.
Explanation: FATF Public Statement and guidance notes circulated to all entities by the RBI, may also be used in risk assessment.
Customer identification Procedure(CIP)
PayStudio shall undertake identification of customers in the following cases:
- Commencement of an account-based relationship with the customer.
- Carrying out any international money transfer operations for a person who is not an account holder of the bank.
- When there is a doubt about the authenticity or adequacy of the customer identification data it has obtained.
Ongoing Transaction Monitoring :
Detecting suspicious transactions by risk categories and risk levels, monitoring suspicious transactions.
Reporting suspicious transactions to the authorities :
Upon suspicion or any knowledge that the asset of any value is directly or indirectly derived from criminal activity or participation in such activity, or that the intended purpose of property is to sponsor one or several terrorists or terrorist organizations, PayStudio will report that to the competent authorities and will cooperate on any follow-up actions.
Terms & Definitions
“Universal Beneficial Account Owner” means any natural person or persons who ultimately own or control the User (as defined below) and, or the natural person or persons on whose behalf a transaction or activity is being conducted, and
- a) In the case of a body corporate or a body of persons:
- The universal beneficial Account owner shall consist of any natural person or persons who ultimately own or control that body corporate or body of persons through direct or indirect ownership of twenty-five percent (25%) plus one (1) or more of the shares or more than twenty-five percent (25%) of the voting rights or an ownership interest of more than twenty-five percent (25%) in that body corporate or body of persons, including through bearer share holdings, or through control via other means, other than a company that is listed on a regulated market which is subject to disclosure requirements consistent with Indian law or equivalent international standards which ensure adequate transparency of ownership information:
- Provided that a shareholding of twenty-five percent (25%) plus one (1) share or more, or the holding of an ownership interest or voting rights of more than twenty-five percent (25%) in the customer shall be an indication of direct ownership when held directly by a natural person, and of indirect ownership when held by one or more bodies corporate or body of persons or through a trust or a similar legal arrangement, or a combination thereof:
iii. Provided further that if, after having exhausted all possible means and provided there are no grounds of suspicion, no account owner in terms of this paragraph has been identified, subject persons shall consider the natural person or persons who hold the position of senior managing official or officials to be the account owners, and shall keep a record of the actions taken to identify the account owner in terms of this paragraph.
- b) In the case of trusts the account owner shall consist of:
- The settler;
- The trustee or trustees;
iii. The protector, where applicable;
- The beneficiaries or the class of beneficiaries as may be applicable; and
- any other natural person exercising ultimate control over the trust by means of direct or indirect ownership or by other means;
- c) In the case of legal entities such as foundations and legal arrangements similar to trusts, the account owner shall consist of the natural person or persons holding equivalent or similar positions to those referred to in paragraph (b).
“High Risk” means the jurisdictions designated by PayStudio as a high risk jurisdiction in
respect of any Sale or Service from time to time.
“Politically Exposed Person(PEP)” means a natural person who is or has been entrusted with prominent public functions, other than middle ranking or more junior officials. For purposes of this definition, the term “natural person who is or has been entrusted with prominent public functions” includes the following:a. Heads of State, Heads of Government, Ministers, Deputy or Assistant Ministers, and Parliamentary Secretaries;
- Members of Parliament or similar legislative bodies;
- Members of the governing bodies of political parties;
- Members of superior, supreme, and constitutional courts or of other high level judicial bodies whose decisions are not subject to further appeal, except in exceptional circumstances;
- Members of courts of auditors or of the boards of central banks;
- Ambassadors, consuls and high ranking officers in the armed forces;
- Members of the administrative, management or supervisory boards of State owned enterprises;
- Anyone exercising a function equivalent to those set out in paragraphs (a) to (f) within
- An institution or any other international body;
Furthermore, PEP also includes family members or persons known to be close associates of any individual identified in (a) – (h) above.
The term “family members” includes:
- the spouse, or a person considered to be equivalent to a spouse;
- the children and their spouses, or persons considered to be equivalent to a spouse; and
iii. the parents.
“Persons known to be close associates” means:
- a natural person known to have joint account ownership of a body corporate or any other form of legal arrangement, or any other close business relations, with that politically exposed person; or
- a natural person who has sole account ownership of a body corporate or any other form of legal arrangement that is known to have been established for the benefit of that politically exposed person.
“Prohibited Jurisdiction” means the jurisdictions designated by PayStudio as a prohibited jurisdiction in respect of the Sale or Service from time to time.
“Sanctioned Jurisdiction” means any country or territory to the extent that such country or territory is the subject of any sanction issued.
“Sanctioned Person” means any individual or entity identified on a sanctions list issued by
- a) any international jurisdiction;
- b) organized, domiciled or resident in a Sanctioned Jurisdiction; or
- c) otherwise the subject or target of any sanctions, including by reason of ownership or control by one or more individuals or entities described in clauses (a) or (b).
“Service” means any service provided by PayStudio to the Users from time to time,
including, without limitation, its payment processing and cryptocurrency exchange services, software services, and any other services or functionalities, past, present, or future.
“Transaction” means any transaction with any assets that is conducted by a user through any of the PayStudio’s websites, applications, client accounts, cryptocurrency wallets, Services, or functionalities, and the word “transact” shall be interpreted accordingly.
“User” means a person using PayStudio’s Services.
Initial and ongoing screening
- a) PayStudio will (and will always reserve a right to) screen a User prior to enabling any Transaction with such User and will continue to screen such User on an ongoing basis, to ensure that such User is not a Sanctioned Person, from a Sanctioned Jurisdiction and/or a person from a Prohibited Jurisdiction.
- b) PayStudio will screen a User prior to providing any Service to such User, and will continue to screen such User on an ongoing basis, to ensure that such User is not a Sanctioned Person, from a Sanctioned Jurisdiction and/or a person from a Prohibited Jurisdiction.
- c) If a User is a Sanctioned Person, from a Sanctioned Jurisdiction and/or a person from a Prohibited Jurisdiction, PayStudio will refuse to provide Services to such User or discontinue the provision of Services.
- d) In carrying out this screening PayStudio shall ensure to adopt software to enable
comprehensive screening to be carried out and which captures all sanctions that
PayStudio is bound to follow.
KYC/AML identification procedures
PayStudio adopts a risk-based approach to combating money laundering and terrorist financing. By adopting a risk-based approach, PayStudio is able to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the identified risks.
Prior to enabling or entering into a Transaction with or for or on behalf of a User or providing any Service to a User, PayStudio will, if so required by applicable law or if it is otherwise deemed necessary or expedient:
- Identify the User and verify the User’s identity on the basis of documents, data or other information based on a reliable and independent source;
- If there is a account Owner in relation to the User, identify the account owner and take reasonable measures to verify the account owner’s identity;
- Obtain information on the purpose and intended nature of the business relationship with the User, unless the purpose and intended nature are clearly stipulated in the relevant documentation between PayStudio and the User. As part of this process, PayStudio shall obtain, amongst other matters, information on the source of funds and source of wealth of the User; and
- If a person purports to act on behalf of the User, (i) identify the person and take
reasonable measures to verify the person’s identity on the basis of documents, data or information based on a reliable and independent source; and (ii) verify the person’s authority to act on behalf of the User.
- a) To identify a User who is an individual, PayStudio will collect information from the User, including but not limited to, his full name, date of birth, place of birth, nationality, place of residence, email address, and the identity document type. PayStudio will verify the identity of the User with documents such as his national ID, passport and/or driver’s licence and utility bill.
- b) To identify a User who is a legal entity, PayStudio will collect information from the User, including but not limited to, its full legal name, registration number, date of incorporation /registration, country of incorporation / registration and lists of directors (as applicable to the entity). PayStudio will verify the User with documents such as Memorandum and Articles of Association (or equivalent), additional account ownership information and documents, and a detailed corporate chart (as applicable to the entity).
- c) If the User is not physically present for identification purposes, PayStudio may adopt more stringent standards to verify the identity of the User.
Ongoing monitoring of Users
PayStudio reserves the right to continuously monitor, on a risk sensitive basis, the business relationship with a User (as applicable) by:
- Reviewing from time to time documents, data and information that have been obtained by PayStudio to ensure that such documents, data and information are up to date;
- Conducting appropriate scrutiny of Transactions and activities carried out by Users to ensure that they are consistent with PayStudio’s knowledge of the User’s business and risk profile, and to ensure that such Transactions and activities are in line with PayStudio ’s knowledge of the Users or User’s source of funds and source of wealth; and
- Identifying transactions that are unusually large in amount or of an unusual pattern and have no apparent economic or lawful purpose.
- For the avoidance of doubt, PayStudio may undertake ongoing monitoring on Users in order to ensure that transactions shall be subject to enhanced due diligence in relation to the source of funds and source of wealth of the User equivalent amount in other currencies.
- To continuously monitor the business relationship with a User (as applicable), PayStudio may carry out a file review to ensure that information held about the User is up-to-date and that identification documents held are still valid. In addition, on a more frequent basis, PayStudio may also monitor transactional activity to identify any red-flags or ‘out of the norm’ activity.
- As part of the second line of defense, the Money Laundering Reporting Officer partnered with an analytics provider will carry out checks to ensure that regular and effective on-going monitoring is being affected and ensure that irregular or suspicious activities are effectively escalated.
Sanctioned Jurisdictions, Prohibited Jurisdictions and High Risk Jurisdictions.
PayStudio will establish and maintain the following lists of jurisdictions
(i) Sanctioned Jurisdictions
(ii) Prohibited Jurisdictions and
(iii) High Risk Jurisdictions.
In determining the list of Sanctioned Jurisdictions, Prohibited Jurisdictions and High Risk Jurisdictions, PayStudio shall take into account the lists issued by the Financial Action Task Force and by other organizations issuing guidelines and lists relating to the adequacy of legislative measures adopted by jurisdictions in relation to money laundering, funding of terrorism and transparency.
Users which are
(i) Resident or domiciled in, or
(ii) Have their source of wealth or source of funds linked to a Sanctioned Jurisdiction and/or a Prohibited Jurisdiction shall not be accepted as clients of PayStudio.
Users which are
(i) resident or domiciled in, or(ii) Have their source of wealth or source of funds linked to High Risk Jurisdictions shall be subject to additional checks and measures by PayStudio.
High risk situations.
In certain circumstances, the risk may be higher and PayStudio will need to take additional checks. These include, for example, situations where the User is from a High Risk Jurisdiction, where the User is a Politically Exposed Person, or the User’s or User’s behavior and activities raise other red flags.
In a high risk situation, PayStudio will:
- a) where a business relationship has not yet been established, obtain approval from senior management to establish the business relationship and take reasonable measures to verify the User’s or account owner’s source of wealth and source of funds that will be involved in the business relationship; and
- b) where a business relationship has been established, obtain approval from senior
management to continue the business relationship, take reasonable measures to verify the account owner’s identity, and take reasonable measures to verify the User’s or account owner’s source of wealth and source of funds that will be involved in the business relationship.
PayStudio will keep
- a) transaction records, for a period of five (05) years beginning on the date on which a transaction is completed, or for such other minimal period as may be required by applicable law; and
- b) other information collected by PayStudio for AML/KYC purposes, throughout the
continuance of the business relationship with the User and for a period of five (05) years beginning on the date on which the business relationship with the User ends, or for such other minimal period as may be required by applicable law.
Money Laundering Reporting Officer
The Money Laundering Reporting Officer shall be the person, duly authorized by PayStudio, whose duty is to ensure the effective implementation and enforcement of the AML/KYC Policy.
It is the Money Laundering Reporting Officer’s responsibility to supervise all aspects of PayStudio’s anti-money laundering and counter-terrorist financing in association with the leading analytics provider. All our employees will report any suspicious behavior or activities to the Money Laundering Reporting Officer.
Where PayStudio suspects that a User is involved in any money laundering, terrorist financing or other illegal activities, it will report any relevant knowledge or suspicion to governmental and regulatory authorities. PayStudio shall not notify any Users of any such suspicious transaction report.
Rather, in the event that PayStudio and its employees notify such Users, they may be held liable for tipping off. This is a criminal offence punishable by a fine and/or imprisonment.
In order to protect us and our users from the possible financial crimes, PayStudio shall:
- a) Perform Know Your Customer (KYC/CDD) procedures on all users and clients (natural and legal persons) on a regular basis.
- b) Perform wide risk assessments to determine the risk profile of individuals. Implement internal controls that are designed to mitigate risks of money laundering and terrorism financing.
- c) Conduct AML audits.
- d) Provide AML training to its employees.
- e) Maintain a record of identifying information provided by the user.
- f) Where PayStudio relies upon a document to verify identity, PayStudio shall maintain a copy of the document that the Company relied on that clearly evidences the type of document and any identifying information it may contain.
- g) Record the methods and result of any additional measures undertaken to verify the identity of the user.
- h) Record the resolution of any discrepancy in the identifying information obtained.
- i) Maintain all transaction and identification records for a minimum period of 10 years.
The policy on KYC/AML/CFT is subject to annual review.
If any changes in the policy are required on account of changes in the regulations or statutes, the Risk Management Committee/Authority of the PayStudio is authorized to make such changes for adoption.