1. Introduction

​

Fractal Digital Ventures LLP, hereinafter referred to as 'Zylo', or 'the Company', provides online exchange services between Virtual Digital Assets (VDAs) and Fiat currency. These services involve executing purchase and sale orders for Users in compliance with the Prevention of Money Laundering Act (PMLA), 2002, its amendments, the Prevention of Money Laundering Rules, 2005, and the AML & CFT Guidelines for Reporting Entities Providing Services Related to Virtual Digital Assets issued on March 10, 2023 ("The Guidelines").

​​

The Guidelines, formally titled AML & CFT Guidelines for Reporting Entities Providing Services Related to VDAs, summarize India's anti-money laundering, counter-terrorism financing, and proliferation financing laws. They outline the obligations for Service Providers (SPs) involved in Virtual Digital Assets, emphasizing their role in applying AML/CFT/CPF measures.

​​

To comply with these regulations, the Company has developed a KYC/AML/CFT Policy ('the Policy'). This policy aims to establish a robust framework for KYC (Know Your Customer), AML (Anti-Money Laundering), and CFT (Countering the Financing of Terrorism), which will guide the Company's interactions with stakeholders.

​

The Board of Directors ('the Board') holds the ultimate responsibility for adopting and implementing this KYC/AML/CFT framework within the Company. 

​

​

​2. Objective

​

The Company aims to operate in good faith and prioritize delivering an excellent customer experience. The Policy applies to all employees, customers, and third-party agents/vendors of the Company. The objectives of the Policy are outlined as follows:

​

1. To comply with The Guidelines and other applicable laws as listed above.

2. To establish a secure and robust process for customer onboarding on the platform.

3. To provide transparent onboarding-related information to customers.

4. To prevent the Company from being used, whether intentionally or unintentionally, for money laundering or terrorist financing activities.

5. To implement a system that effectively prevents any financial transactions related to money laundering, terrorism financing, or other criminal activities through the Company's platform.

6. To document the requirements stipulated by the Prevention of Money Laundering Act (PMLA) and relevant guidelines, and to diligently identify, monitor, and promptly report any suspicious transactions to the appropriate authorities.

​

Additionally, the Policy aims to:

​

• Establish a framework for customer acceptance, identification, and onboarding in accordance with applicable laws.

• Implement a robust risk management framework, including transaction monitoring and comprehensive due diligence.

• Monitor, investigate, and report transactions of a suspicious nature to relevant authorities.

• Support regulatory and other relevant authorities in their investigations of suspicious transactions.

​

​

​

3. Definitions​

​

"Applicable Law" refers to any statute, law, regulation, ordinance, rule, judgment, order, decree, by-law, approval from the concerned authority, government resolution, directive, guideline, policy, requirement, or other governmental restriction in effect in India. This includes, but is not limited to, the Prevention of Money Laundering Act 2002 ("PMLA"), the Prevention of Money Laundering (Maintenance of Records) Rules 2005 ("PML Rules"), guidelines such as The Guidelines, and various rules and regulations of the Computer Emergency Response Team, India, and the Reserve Bank of India or its constituents/payment system providers, as updated over time.

​

"Customer" refers to a person or entity utilizing/ accessing the platform for exchanging fiat currency to virtual digital assets and vice-versa.

​

"Crypto(s)" are virtual digital assets that are cryptographically secured representations of value or contractual rights, utilizing distributed ledger technology. These can be electronically transferred, stored, or traded on the platform, examples include bitcoin (BTC) and Ether (ETH).

​

"Customer Due Diligence" involves identifying and verifying the Customer.

​

"Designated Director" is an individual appointed by the Company to oversee compliance with obligations under Chapter IV of the Prevention of Money Laundering Act, 2002 and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005. This designation includes the Managing Director or another whole-time Director duly authorized by the Board of Directors.

​

"KYC Document/information" refers to documents listed in Annexure I, which include Proof of Identity, Proof of Address, and other information collected by the Company for Customer onboarding purposes.

​

"Officially Valid Document/OVD" includes documents like passport, driving license, proof of possession of an Aadhaar Number, or voter's identity card issued by the Election Commission of India. For clarity, 'Aadhaar Number' is defined under the Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016.

​

"Politically Exposed Persons" (PEPs) are individuals who currently hold or have held significant public positions in foreign countries.

​

"Principal Officer" is an officer appointed by the Company responsible for providing information as per Rule 8 of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.

​

"Suspicious transaction" refers to a transaction or attempted transaction, regardless of whether it is made in cash, that, to a person acting in good faith:

​​

- Raises reasonable suspicion of involving proceeds of an offence listed in the Schedule to the Prevention of Money Laundering Act, 2002, irrespective of the amount involved; or

- Appears to be unusually complex or unjustified in its circumstances; or

- Lacks a legitimate economic rationale or bona fide purpose; or

- Raises reasonable suspicion of being related to financing activities linked to terrorism.

​

​

​

4. Scope of the Policy

​

The Policy applies to all operations of the Company that involve Customers, third-party agents/vendors, and other pertinent stakeholders.

​

​

​

5. Key Elements

​

5.1 Customer Acceptance Policy

​

The Company will establish a framework to prevent the onboarding of Customers engaged in unethical or illegal activities, deemed unacceptable based on the Company's risk assessment.

​

The Company will ensure compliance with all applicable regulations before onboarding Customers onto the platform. The following process will be implemented for Customer acceptance:

​

1. No Customer will be accepted under an anonymous or benami name.

2. Customers will not be accepted if the Company cannot identify and verify them due to non-cooperation or unreliable documentation.

3. No Customer will be allowed to transact on the platform until the Customer due diligence process is complete.

4. Customers will be informed about the required KYC documentation and information by the Company, and periodic due diligence will be communicated to them.

5. The Customer's identity will be verified to ensure they have no criminal background and are not associated with any sanctioned individuals or entities.

6. The Company will refrain from onboarding Customers associated with the following business activities:

​​

   - Terrorism, terrorist financing, or organized crime.

   - Illicit activities such as trafficking in narcotics, weapons, or wildlife.

   - Use or trade of hormonal substances in animals.

   - Human trafficking, trafficking in human organs or tissues.

   - Piracy.

   - Illegal labor practices.

   - Offenses related to child pornography, rape, or prostitution.

   - Fraud affecting India's financial interests.

   - Embezzlement and corruption by public officials.

   - Environmental crimes.

   - Counterfeiting currency or products, and infringement of intellectual property rights.

   - Provision of unauthorized investment, fund transfer, or financial services.

​​

By implementing these measures, the Company aims to uphold stringent standards for Customer onboarding and ensure compliance with regulatory requirements and ethical business practices.

​

5.2 Customer Identification Procedure

​

Customer identification process involves verifying the Customer's identity using documents and information collected from them, as detailed in Annexure I of the Policy. The Company will conduct this identification under the following circumstances:

​

1. At the commencement of the account-based relationship with the Customer.

2. When there is doubt regarding the authenticity of the documents and information provided by the Customer.

3. When there is suspicion of money laundering or terrorist financing activities involving an existing Customer of the Company.

​

To verify the Customer's identity before establishing an account-based relationship, the Company will adhere to the following conditions:

​

- Obtain records or information from third parties who have conducted Customer due diligence within two days.

- Ensure that all necessary Customer due diligence information is promptly obtained from the third party upon request.

- Confirm that the third party is regulated, supervised, or monitored for compliance with Customer due diligence and record-keeping requirements, aligning with the Prevention of Money Laundering Act, 2002 (PMLA).

- Engage third parties located in jurisdictions not deemed high risk.

- Bear the ultimate responsibility for conducting Customer due diligence and implementing enhanced due diligence measures.

 

5.3 Customer Due Diligence

​

When onboarding Customers, the Company ensures that the decision-making process regarding KYC compliance is not outsourced. The Company retains responsibility for making final decisions on Customer onboarding based on the significance and risk categorization of the Customer, using information provided by them.

​

Key checks conducted during Customer due diligence include:

​

1. Verifying Customer details against the UN Sanctions List and the Company's internal negative list.

2. Seeking approval from the Designated Director if a Politically Exposed Person (PEP) Customer seeks to onboard.

3. Identifying the Ultimate Beneficial Owner (UBO).

4. Obtaining adequate information about the User to identify the actual beneficial owner of crypto assets or the individual on whose behalf a transaction is conducted.

5. Conducting any additional checks as required by The Guidelines or other governmental authorities.

​

The Company conducts due diligence both during initial onboarding and as part of ongoing procedures:

​

- Customers are onboarded based on the aforementioned due diligence criteria.

- Ongoing due diligence of existing Customers ensures transactions align with documented Customer details and their risk profiles stored in the system.

​

Customers' records are periodically updated according to their risk profiles:

​

- High-risk Customers are updated every two years.

- Medium-risk Customers are updated every eight years.

- Low-risk Customers are updated every ten years.

​

In cases where there is a perceived higher risk associated with onboarding a Customer, the Company conducts enhanced due diligence by gathering additional information.

​​

For PEP Customers, the Company obtains extra details such as the source of funds and other relevant information, seeking approval from the Designated Director before onboarding them onto the platform.

​

5.4 Risk Profiling

 

The Company conducts risk profiling of Customers based on information and documents provided by them. A framework is implemented for risk-based classification considering factors such as business information, social financial status, background, and jurisdiction/location. Customers are categorized into High, Medium, and Low risk based on:

​

- Customer's background

- Place of residence

- Nature of business/service

- Any other relevant information

​

Risk assessment takes into account these factors to determine the appropriate risk category for each Customer. Based on the risk category identified, the Company adopts suitable risk mitigation measures. This risk assessment framework is documented, regularly reviewed, and available for authorities as required.

​

The Company refrains from onboarding Customers associated with specific activities:

​

- Customers linked to money laundering or terrorist financing

- Customers with associations in high-risk countries

- Customers involved in the gambling business

- Customers who are Politically Exposed Persons (PEPs) or associated with PEPs having ties to high-risk countries

​

High-risk Customers undergo thorough evaluation due to the potential for financial, reputational, or compliance risks to the Company. The Company carefully evaluates associations with high-risk business/services, applying enhanced due diligence for such Customers in sectors including:

​

- Multi-level marketing schemes

- Prescription drugs, herbal drugs, online pharmacies, etc.

- Gaming

- Forex (buying, selling, trading)

- Job services

- Perishable goods

- Matrimony services

- Real estate transactions

- Crowd funding

- Website hosting

​​

By implementing these measures, the Company aims to mitigate risks effectively while ensuring compliance with regulatory standards and safeguarding its operations.

 

5.5 Transaction Monitoring

 

The Company will establish monitoring checks tailored to the risk categorization of Customers. A systematic process will be implemented to monitor all transactions, continuously reviewing and refining rules to enhance effectiveness based on observed outcomes.

 

5.6 Key Appointments

 

As per the requirements of the Prevention of Money Laundering Act (PMLA) and Prevention of Money Laundering Rules (PML Rules), the Company will appoint two key personnel to ensure comprehensive compliance with these regulations:

​

1. Designated Director: The Company will nominate a Designated Director who will oversee overall compliance with the PMLA and PML Rules. This individual will be appointed by the Board of Directors and will assume responsibility for various functions outlined in the Policy. The Designated Director will also manage reporting requirements and act as the liaison with relevant regulatory authorities.

2. Principal Officer: In addition to the Designated Director, the Company will appoint a Principal Officer who will be a senior management officer distinct from the Designated Director. The Principal Officer's primary responsibility will be to ensure the implementation of transaction monitoring provisions detailed in the Policy. Furthermore, the Principal Officer will be tasked with reporting to the Financial Intelligence Unit – India (FIU-IND).

​

These appointments are crucial for ensuring robust adherence to anti-money laundering (AML) and counter-terrorism financing (CFT) measures mandated by Indian regulatory frameworks, thereby upholding integrity and compliance within the Company's operations.

 

5.7 Reporting

​

In compliance with the Prevention of Money Laundering Act (PMLA) and Prevention of Money Laundering Rules (PML Rules), the Company will report the following information to the Financial Intelligence Unit – India (FIU-IND):

​

**Suspicious Transaction Report (STR):**

 All transactions identified as suspicious following investigation will be reported to the FIU-IND within seven working days of concluding that the transaction is indeed suspicious.

​

The Company will establish and maintain a comprehensive transaction monitoring system staffed by a team of experts. This system will be responsible for monitoring, investigating, and promptly reporting any suspicious transactions to the relevant authorities. This proactive approach ensures compliance with regulatory requirements and strengthens the Company's efforts against money laundering and terrorist financing activities.

 

5.8 Internal Compliance Audit

 

The Company's Internal Audit and Compliance functions will play a critical role in evaluating and ensuring adherence to KYC policies and procedures. Specifically:

​

1. Role of Compliance Function:

 The compliance function will independently evaluate the Company's policies, procedures, and adherence to legal and regulatory requirements. This includes overseeing KYC policies to ensure they are robust and effective.

​

2. Adequate Staffing and Supervision:

Management, under the supervision of the Board, will ensure that the audit function is adequately staffed with skilled individuals capable of performing thorough evaluations and audits.

​

3. Reporting to the Board:

The results of compliance audits and evaluations will be presented to the Board or relevant Board Committee as part of their regular reporting frequency. This ensures that the Board is informed and involved in overseeing compliance efforts.

​

4. Screening Mechanism for Personnel:

The Company will establish a screening mechanism integral to the recruitment and hiring process. This mechanism aims to prevent individuals with a criminal background from gaining access to and potentially misusing financial channels.

​

5. Compliance Audit Frequency:

Compliance audits will be conducted annually or as mandated by applicable regulations. This ensures ongoing assessment and improvement of the Company's compliance framework.

​

By implementing these measures, the Company aims to uphold high standards of compliance, mitigate risks, and safeguard against potential misuse of financial systems.

 

5.9 Record Keeping

 

For the purpose of maintaining, preventing, and reporting Merchant KYC information and documents, the Company will undertake the following activities:

​

1. Record Maintenance

Maintain all necessary records of transactions between Customers and the Company for a minimum period of five years from the date of the transaction.

​

2. Preservation of Customer Identification Records:

Preserve records related to Customer identification gathered during onboarding, as well as during enhanced and ongoing due diligence processes.

​

3. Sharing with Authorities:

Ensure that these records are available for sharing with relevant authorities upon their request, in compliance with legal and regulatory obligations.

​

4. Secure Data Storage:

Develop a secure system to store and preserve data, ensuring it is both safe and easily retrievable when needed. This system will safeguard against unauthorized access and data breaches.

​

By implementing these measures, the Company aims to uphold compliance with KYC requirements, protect against financial crimes, and facilitate transparency and accountability in its operations.

​

​

​

6. Other Compliances​

​

6.1 The Company will implement the following training initiatives:

​​

1. Screening Mechanism for Hiring:

-Implement a robust screening mechanism for hiring employees, vendors, etc., to ensure individuals with appropriate qualifications and backgrounds are selected.

​​

2. Ongoing Employee Training:

   - Conduct regular training programs for employees involved in AML/KYC transactions and the onboarding team responsible for collecting Customer information and documents.

   - Provide training to frontline staff in Sales and Marketing, as well as the operations team, to equip them with knowledge on handling issues related to Customer education and compliance.

​

3. Monitoring by Audit Team:

   - The audit team will monitor activities from training through to onboarding to ensure the Company's compliance with all regulations and internal policies.

​

4. Training Frequency and Updates:

   - Conduct annual training sessions, with ad-hoc training provided in response to regulatory changes or guidance from authorities.

   - Ensure all new employees associated with relevant functions receive training within thirty days of joining the Company.

​

By implementing these training measures, the Company aims to maintain high standards of compliance, enhance staff competence in AML/KYC procedures, and effectively manage regulatory requirements and customer interactions.

 

6.2 Confidentiality of Information

 

The Company is committed to maintaining the secrecy and confidentiality of Customer information. It will ensure that any disclosure of such information is made only to relevant authorities upon request or as mandated by regulations. 

​

Information collected from Customers will be retained by the Company solely for the purpose for which it was collected. The Company pledges not to misuse collected information in any manner, thereby upholding trust and safeguarding Customer privacy and confidentiality.

​

​

​

7. Review of Policy

 

The Policy will undergo regular reviews by the Board, at least annually or more frequently if significant regulatory changes occur. These reviews are essential to assess the Policy's ongoing suitability, adequacy, and effectiveness in meeting current regulatory requirements and internal standards.

​

Any proposed changes or updates to the Policy will be subject to approval by the Board. This ensures that modifications are carefully considered, align with regulatory developments, and maintain the Policy's integrity in guiding the Company's operations related to KYC/AML compliance.

​​

By adhering to this review process, the Company aims to uphold robust governance, adapt to regulatory changes effectively, and continuously enhance its compliance framework.

 

 

 

​Annexure I

 

Due Diligence Documents

 

TABLE TO BE INSERTED