At TRADEUCARE, we are firmly committed to upholding the highest standards in financial integrity by implementing robust measures to prevent money laundering and the financing of terrorism. In line with regulatory requirements, we adhere strictly to Know Your Customer (KYC) protocols, Anti-Money Laundering (AML) regulations, and Combating the Financing of Terrorism (CFT) guidelines.

We recognize that achieving strong compliance is a shared responsibility. TRADEUCARE is dedicated to equipping all employees with the knowledge and tools necessary to meet our compliance obligations effectively. Every member of staff is expected to understand and align with the company’s commitment to preventing illicit financial activities, regardless of the nature or scale of business involved.

This policy serves to educate our employees on the global efforts and legal frameworks designed to combat money laundering and terrorist financing. Compliance with this policy is mandatory. Any failure to adhere to its principles and procedures will result in strict internal disciplinary action.

By fostering a culture of awareness and accountability, TRADEUCARE ensures that it operates with transparency, integrity, and in full compliance with all applicable laws and regulations.

7.2.2 Identification and Verification of Beneficial Owners
In accordance with sub-rule (3) of Rule 9 of the Prevention of Money Laundering Rules, 2005, TRADEUCARE is required to identify the beneficial owner(s) of a customer and undertake all reasonable measures to verify their identity.

The term “Beneficial Owner” refers to the natural person(s) who ultimately owns or controls a customer and/or the person on whose behalf a transaction is being conducted. The definition varies depending on the type of customer:

a. For Corporate Entities (Companies):
The beneficial owner is the individual(s) who, either independently or jointly, or through one or more legal entities, holds a controlling ownership interest or exercises control through other means.
Controlling ownership interest is defined as holding more than 10% of the company’s shares, capital, or profits. Control includes the right to appoint the majority of directors, or the ability to influence management or key policy decisions, whether through shareholding, management rights, shareholder agreements, or voting arrangements.

b. For Partnership Firms:
The beneficial owner is the natural person(s) who, individually or collectively, or through legal entities, hold more than 15% of the firm’s capital or profits.

c. For Unincorporated Associations or Bodies of Individuals (including Societies):
The beneficial owner is the individual(s) who, either independently or collectively, or through one or more legal persons, have ownership of or entitlement to more than 15% of the property, capital, or profits of the entity.

i. If no individual is identifiable under sub-sections (a), (b), or (c), the beneficial owner shall be the natural person who holds the position of senior managing official in the respective entity.

d. For Trusts:
TRADEUCARE must identify and verify the following as beneficial owners:
i. The author/settlor of the trust
ii. The trustee(s)
iii. Any beneficiary holding 10% or more interest in the trust
iv. Any other natural person who exercises ultimate effective control over the trust through direct or indirect ownership or influence
v. In cases involving trusts, nominees, or fiduciary accounts, if a customer is acting on behalf of another person in any intermediary capacity, TRADEUCARE must obtain satisfactory evidence of both:
vi The identity of the intermediary, and
vii The individuals on whose behalf they are acting, including documentation detailing the nature and terms of the underlying arrangement.

e. Exemptions – Listed Companies:
TRADEUCARE is not required to identify or verify the identity of shareholders or beneficial owners in the following cases:
i. If the customer or the controlling interest holder is an entity listed on a recognized stock exchange in India
ii. If the entity is listed in a jurisdiction notified by the Central Government and on a recognized exchange in that jurisdiction
iii. If the entity is a subsidiary of such listed companies

7.2.3. Video based Customer Identification Process (V-CIP)

TRADEUCARE may employ live Video-Based Customer Identification Process (V-CIP) for conducting Customer Due Diligence (CDD) for individual customers. This process will be carried out by authorized TRADEUCARE officials only after obtaining the customer’s informed consent and shall comply with the following regulatory and operational guidelines:

a. Customer Identification and Verification Methods
During the V-CIP session, the authorized official shall record an audio-video interaction with the customer, capture a live photograph, and verify the customer’s identity using any one of the following methods:
• OTP-based Aadhaar e-KYC authentication
• Offline Aadhaar verification
• KYC records downloaded from the Central KYC Registry (CKYCR) using the customer’s KYC identifier, in accordance with Section 56
• Equivalent e-documents of Officially Valid Documents (OVDs), including those issued through DigiLocker

b. PAN Card Verification
The customer must display their original PAN card during the video interaction (except where a valid e-PAN is provided). A clear image of the PAN card will be captured and verified against the issuing authority’s database. Printed copies of digital PAN or e-documents shall not be accepted during the V-CIP process.

c. Geo-Tagging
The live geographic location of the customer must be captured during the interaction to confirm that the customer is physically present within India.

d. Photo and Document Matching
The TRADEUCARE official shall ensure that the photograph and details on the Aadhaar and/or PAN match the individual participating in the V-CIP, as well as the information provided during the process.

e. Real-Time Interaction Validation
To confirm the authenticity of the live interaction, the official shall vary the sequence and type of questions asked. This step helps ensure that the session is conducted in real-time and is not pre-recorded.

f. Timeliness of Offline Aadhaar Verification
If offline Aadhaar verification is used (via XML file or Secure QR Code), it must be ensured that the XML/QR code was generated no more than three (3) days before the date of the V-CIP.

g. Audit Requirement
Any customer relationship established through V-CIP shall become operational only after a concurrent audit is conducted to validate the process and ensure procedural integrity.

h. Process Security and Quality
The V-CIP process must be secure, seamless, real-time, and supported by end-to-end encrypted audio-visual communication. The quality of the interaction must be sufficient to enable clear identification of the customer. A liveness check shall be performed to detect and prevent spoofing or other fraudulent activities.

i. Application Audit and Validation
TRADEUCARE will conduct thorough software, security, and process audits of the V-CIP system before deployment to ensure compliance, robustness, and data protection.

j. Authorized Initiation and Execution
All V-CIP interactions shall be initiated from TRADEUCARE’s official domain. Third-party service providers shall not be permitted to trigger the video session. Only specially trained TRADEUCARE personnel shall carry out V-CIP activities. Detailed activity logs and the credentials of the official conducting the session must be securely maintained.

k. Data Privacy Compliance
TRADEUCARE shall take necessary steps to redact or blackout Aadhaar numbers and other sensitive identity information, in compliance with applicable data privacy and security standards.

7.2.4. V-CIP Records and Data Management:
TRADEUCARE shall ensure that all data and recordings from the Video-Based Customer Identification Process (V-CIP) are securely stored in systems located within India. The video recordings shall be preserved in a safe and secure manner, and must include a date and time stamp to ensure their authenticity.

• Secure Storage:
All V-CIP data and recordings shall be stored in systems located in India, in compliance with applicable data residency requirements.

• Data Integrity and Security:
The video recordings shall be securely stored with appropriate safeguards to prevent unauthorized access, alteration, or deletion.

• Record Management Compliance:
TRADEUCARE shall adhere to the extant record management instructions as stipulated in this policy. This includes the proper retention, secure storage, and disposal of V-CIP-related data and recordings in accordance with internal procedures.

• Activity Log Preservation:
TRADEUCARE shall maintain a detailed activity log of the V-CIP session, including the credentials of the official performing the process. This log will be securely stored and preserved for audit and compliance purposes.

7.2.4.1. CKYC
TRADEUCARE may choose to register with the Central KYC Records Registry (CKYCR) for the purpose of retrieving and managing KYC records. In cases where a customer submits their KYC Identifier (CKYCR Number) along with explicit consent to retrieve records from the CKYCR, TRADEUCARE will obtain the customer’s KYC details online using the KYC Identifier. As a result, the customer will not be required to submit the same KYC records or any additional identification documents unless one of the following conditions applies:

• Change in Customer Information:
If there is a change in the customer’s information as recorded in the CKYCR.

• Verification of Current Address:
If the customer’s current address requires verification.

• Additional Verification Requirements:
If TRADEUCARE deems it necessary to verify the identity or address of the customer, perform enhanced due diligence, or build an appropriate risk profile for the client.

• Expiry of Document Validity:
If the validity period of the documents downloaded from CKYCR has expired, requiring updated documentation from the customer.

7.2.5. Enhanced Due Diligence (EDD) for non-face-to-face customer on-boarding
TRADEUCARE may facilitate non-face-to-face onboarding, enabling the establishment of a customer relationship without requiring physical interaction. For this purpose, TRADEUCARE shall implement the Video-Based Customer Identification Process (V-CIP) through a secure digital channel or portal, ensuring that the process complies with all prescribed regulatory standards and procedures.

It is emphasized that transactions conducted through V-CIP will be considered equivalent to face-to-face Customer Identification Process (CIP), provided they meet the regulatory criteria.

Transaction Restrictions:
In such cases, transactions will only be allowed from a KYC-compliant bank account registered under the customer’s name, ensuring compliance with KYC guidelines.

7.2.6. Transactions with Politically Exposed Persons (PEPs)
A Politically Exposed Person (PEP) refers to an individual who is or has been entrusted with prominent public functions in a foreign country. This includes, but is not limited to, heads of state or government, senior politicians, senior government, judicial or military officers, senior executives of state-owned corporations, and important political party officials.

TRADEUCARE will screen customer profiles using an API linked to World Check (Refinitiv) to identify customers who may be classified as PEPs.

Procedure for Handling PEP Customers
Once a customer is identified as a PEP (including where the PEP is a beneficial owner), the following procedures shall be followed:

• High-Risk Categorization:
The customer will be classified as a High-Risk Customer due to their PEP status.

• Enhanced Customer Due Diligence (CDD):
A thorough Customer Due Diligence (CDD) procedure will be undertaken, with additional scrutiny to assess the potential risks involved.

• Source of Funds Verification:
Payments must be received from a KYC-compliant bank account held in the name of the customer.

• Management Approval:
Company Manager or Head of Department approval must be obtained before proceeding with any transaction involving a PEP customer.

• Ongoing Due Diligence:
The Compliance team must conduct ongoing due diligence to ensure that transactions remain consistent with the customer’s known business, risk profile, and the source of funds. The Compliance team shall review the transactions to verify that they align with the customer’s expected activity and profile.

i. Transactions with Non-Profit Organization
A Non-Profit Organization (NPO) is defined as any entity or organization constituted for religious or charitable purposes, as referred to in clause (15) of section 2 of the Income-tax Act, 1961. These organizations must be registered as a trust or society under the Societies Registration Act, 1860, or any similar state legislation, or as a company registered under section 8 of the Companies Act, 2013.

Before undertaking any transaction with a Non-Profit Organization (NPO), the following procedures must be adhered to:

1. Customer Due Diligence (CDD):
The appropriate Customer Due Diligence (CDD) procedures shall be conducted for the NPO, in line with the applicable regulatory requirements.

2. Registration Verification:
The NPO must be registered with the DARPAN Portal of NITI Aayog, and confirmation of this registration must be obtained.

3. Payment Source Verification:
Payments must be received from the NPO’s KYC-compliant bank account, ensuring that all financial transactions are traceable and legitimate.

ii. Periodic Review of Customer Profile
TRADEUCARE maintains a transaction-based relationship with its customers. As such, for each transaction conducted, the relevant KYC documents and transaction documents shall be reviewed. A fresh set of KYC documents will be obtained from the customer at the time foreign exchange is released.

For corporate customers, the frequency of KYC reviews will be based on the customer’s risk profile as follows:

• Low-Risk Profile:
KYC review will be conducted at least once every ten years.

• Medium-Risk Profile:
KYC review will be conducted at least once every eight years.

• High-Risk Profile:
KYC review will be conducted at least once every two years.

iii. Online Submission of Form A2
In accordance with RBI A.P. (DIR Series) Circular No. 02 dated April 12, 2023, AD Category II entities are permitted to allow online submission of Form A2 by customers, within the framework of applicable statutory and regulatory provisions. The terms and conditions outlined in A.P. (DIR Series) Circular No. 50 dated February 11, 2016 shall continue to apply to AD-II entities.

In line with the RBI directive, TRADEUCARE shall ensure the following procedures are followed:

a. Designing an Online Portal for Forex Requests:
TRADEUCARE shall create a secure online portal where customers can submit their forex requests after onboarding through the V-CIP process. Customers will be able to submit the Form A2 electronically, with a digital signature, and may also upload or submit necessary documents to verify the permissibility of remittances under the Foreign Exchange Management Act (FEMA).

b. Transaction Limits for Online Submission of Form A2:
Remittances based on the online submission of Form A2 shall be available for transactions within the following limits:

a. For Individuals: Up to USD 25,000 (or its equivalent).
b. For Corporates: Up to USD 100,000 (or its equivalent).

7.3 Monitoring of Transactions (On-going Due Diligence)

TRADEUCARE shall perform ongoing Due Diligence (regular monitoring) of customers to ensure that their transactions remain consistent with the knowledge of the customer and their business.

Ongoing monitoring is a critical component of an effective KYC/AML process. TRADEUCARE shall conduct continuous due diligence for each customer, closely scrutinizing their transactions to ensure that they align with the prevailing regulatory guidelines.

The extent of monitoring will be proportionate to the customer’s risk category. High-risk customers shall be subjected to more intensive monitoring.

TRADEUCARE should pay particular attention to the following types of transactions:

• Encashment of Foreign Currency above USD 5,000.

• Receipt of Payment in Cash just below the threshold limit.

• Corporate and Individual Customers categorized as High Risk.

• Reconversion Transactions above Rs. 10,000.

• Remittance by Tour Operators.

• Remittance for Film Shooting.

• Foreign Currency Notes Sold in excess of USD 3,000 to an individual.

7.3. Risk Management

TRADEUCARE shall adopt a risk-based approach in its operations, which will include the following components:

• Customer Categorization: Customers will be classified into Low, Medium, and High-Risk categories based on their risk profile.

• Risk Assessment Parameters: Risk categorization will be based on several factors, including:

• Customer Identity: The customer’s identity documents, social/financial status, and other relevant information.

• Nature of Business Activity: The type of business activity the customer is engaged in.

• Customer’s Location: Geographical risks, including the customer’s location and its associated risk.

• Transaction Types: Risk assessment based on the nature of transactions (cash, cheque/monetary instruments, wire transfers, forex transactions, etc.).

• Delivery Channels: Type of channels used for the delivery of products/services (e.g., online or offline).

• Ability to Verify Identity: The ease with which customer identity can be verified through online services or through documents issued by relevant authorities.

• Confidentiality of Risk Categorization: The risk category assigned to a customer, along with the specific reasons for such categorization, shall remain confidential. This information shall not be disclosed to the customer to avoid tipping off.

7.4. Internal Controls and Procedures:
• Detailed internal controls, systems, and procedures will be implemented, including segregation of duties, reporting systems, and various checks and balances.
• These controls will be subject to regular internal and external audits.

7.5. Organizational Structure:
• A clearly defined organizational structure at the Head Office, Regional Offices, and Companyes will be maintained.
• Roles, responsibilities, and reporting lines will be systematically outlined.

7.6. Operational Guidelines:
• A Manual of Instructions will be in place for various segments of the AD-II business, including Retail Sale and Purchase, Bulk Sale and Purchase, Remittance, and other miscellaneous services.

7.7. These guidelines will be updated periodically and issued as necessary.

• Audit and Compliance: Concurrent Audit and Internal Audits will be conducted to ensure compliance with RBI rules and TRADEUCARE’s internal policies.
• Written guidelines on RBI rules, Company policies, and procedures will be circulated regularly to all TRADEUCARE staff.

7.8. Independent Inspection Team:
• An independent inspection team, reporting to the Compliance Department, will be responsible for the ongoing monitoring of the internal control system. This team will conduct inspections and audits of TRADEUCARE companyes.

7.9. Anti-Money Laundering (AML) and Compliance:
• Detailed instructions on the Anti-Money Laundering Policy and Know Your Customer (KYC) norms, along with AML standards and Combating the Financing of Terrorism (CFT) guidelines issued by RBI, will be communicated to all TRADEUCARE staff for strict compliance.

7.10. Screening and Sanctions:
• Customers will be screened during transactions against updated UN Sanctions Lists and the OFAC’s SDN List.
• Transactions will be prohibited with any customers whose names appear on these sanction lists.

Additional Due Diligence based on risk category

A. LOW RISK

For Resident Indians and Non-Resident Indians (NRIs), the following documents are required:

• Self-attested copy of Photo ID (such as Aadhaar card, Voter ID, etc.)

• Self-attested copy of Address Proof (such as utility bills, bank statement, etc.)

• The photocopies must be verified against the original documents.

For Foreign Nationals, the following documents are required:

• Photocopy of Passport

• Proof of Address in India

• In the event that the address proof is unavailable, a copy of the Indian Visa must be submitted

B. MEDIUM RISK

For Resident Indians, Non-Resident Indians (NRIs), and Foreign Nationals, the following documentation and payment guidelines must be adhered to:

• KYC Documentation:

• A self-attested copy of Photo ID (e.g., Aadhaar card, Voter ID, Passport, etc.)

• A self-attested copy of Address Proof, which must be from the same city/town as the customer’s residence (e.g., utility bills, bank statement, etc.)

• Note: Photocopies of the documents must be verified with the original documents.

• Payment Guidelines: Payment must be made via bank transfer only.

C. HIGH RISK

For Resident Indians, Non-Resident Indians (NRIs), and Foreign Nationals, the following KYC documentation and payment requirements must be adhered to:

• KYC Documentation:

• A self-attested copy of Photo ID (e.g., Aadhaar card, Voter ID, Passport, etc.).

• A self-attested copy of Address Proof (e.g., utility bills, bank statements, etc.), which must be from the same city/town and should not be more than 60 days old.

• Note: Photocopies of the documents must be verified with the original documents.

• Payment Guidelines: Payment must be made via bank transfer only.

• Suspicious Transaction Reporting (STR): In case of suspicion, a Suspicious Transaction Report (STR) must be filed.

D. Corporate Entity Transactions (High-Risk Customers)

In case of a corporate entity where the risk category is categorized as High Risk due to the expected volume of transactions, the following procedure applies:

• Companyes must justify any increase in the volume of business to the compliance team through the Cluster Head.

• The Compliance Team will then review the justification and reassign the risk category, if required.

• If necessary, the Compliance Team shall report an STR to the Principal Officer based on the review.

7.12. Money Laundering and Terrorist Financing Risk Assessment by TRADEUCARE

TRADEUCARE shall carry out a ‘Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment exercise periodically to identify, assess, and take effective measures to mitigate risks associated with money laundering and terrorist financing. This assessment shall focus on several factors including clients, countries or geographic areas, products, services, transactions, delivery channels, etc.

1. Risk Assessment Process:

o The process should consider all relevant risk factors before determining the overall risk level and identifying the appropriate level and type of mitigation required.

o While preparing the internal risk assessment, TRADEUCARE shall take into account sector-specific vulnerabilities shared by regulators or supervisors from time to time.

2. Documentation and Review:

o The risk assessment shall be properly documented and proportionate to the nature, size, geographical presence, and complexity of TRADEUCARE’s activities/structure.

o The periodicity of the risk assessment exercise shall be determined by the Board of TRADEUCARE, but it should be reviewed at least annually.

o The outcome of the risk assessment shall be submitted to the Board or any committee of the Board delegated with such powers, and should be made available to competent authorities and self-regulating bodies.

3. Risk Based Approach (RBA) for Mitigation:

o TRADEUCARE shall apply a Risk-Based Approach (RBA) for the mitigation and management of identified risks. The Board will approve the relevant policies, controls, and procedures in this regard.

o TRADEUCARE shall monitor the implementation of these controls and enhance them, if necessary.

8. Requirements/obligations under International Agreements – Communication from International Agencies

8.1. Obligation under the Unlawful Activities (Prevention)(UAPA) Act, 1967:
TRADEUCARE shall ensure full compliance with the provisions of Section 51A of the Unlawful Activities (Prevention) Act, 1967, and subsequent amendments, by adhering to the following:
• Daily Screening Against UNSC Lists: TRADEUCARE shall ensure it does not hold or operate any accounts in the name of individuals/entities listed in the United Nations Security Council (UNSC) Sanctions Lists:
a. ISIL (Da’esh) & Al-Qaida Sanctions List
Link: https://scsanctions.un.org/ohz5jen-al-qaida.html
b. Taliban Sanctions List
Link: https://scsanctions.un.org/3ppp1en-taliban.htm

8.2. Reference to Indian Sanctions Orders: TRADEUCARE shall also refer to relevant sanctions lists outlined under the Prevention and Suppression of Terrorism (Implementation of Security Council Resolutions) Order, 2007, and any amendments thereto.

8.3. Daily Verification & List Updates: These sanctions lists shall be verified daily, and any additions, deletions, or modifications shall be acted upon immediately to ensure compliance.

8.4. Reporting Suspicious Matches: If any individual/entity resembles a sanctioned person on these lists:

8.5. A report shall be filed with FIU-IND

8.6. The Ministry of Home Affairs (MHA) shall be notified as per UAPA Notification dated February 2, 2021 (Annex II).

8.7. Asset Freezing Procedures: TRADEUCARE shall implement asset freezing measures in accordance with the UAPA Order dated February 2, 2021. The list of Nodal Officers for UAPA is accessible via the MHA website.

8.8. Obligations under the WMD Act, 2005
In accordance with the Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005, TRADEUCARE shall ensure compliance with the Section 12A Implementation Order dated January 30, 2023, issued by the Ministry of Finance.
• Transaction Restriction: TRADEUCARE shall not proceed with any transaction if the customer details match any individual/entity in the designated WMD sanctions list.
• Ongoing Verification: At the time of onboarding and on a periodic basis, TRADEUCARE shall verify whether any individual or entity in the designated list holds funds, financial assets, or related economic resources.

8.9. Immediate Reporting: Upon identifying a match, TRADEUCARE shall:
• Report all transaction details to the Central Nodal Officer (CNO) (currently, the Director, FIU-India).
• Send a copy of the report to the State Nodal Officer and the RBI.
• File a Suspicious Transaction Report (STR) with FIU-IND.

8.10. Monitoring of Customer Assets: TRADEUCARE shall refer to the latest designated lists published by FIU-India and act upon any suspicion or confirmation of restricted assets.

8.11. Prohibition and Freeze Execution: If it is reasonably believed that a customer’s assets fall under Section 12A(2) of the WMD Act:
• TRADEUCARE shall prevent further transactions.
• Intimate the CNO without delay via email, fax, and post.

8.12. Execution of Freeze Orders: If TRADEUCARE receives an official freeze order from the CNO, it shall immediately take action to freeze the relevant assets or accounts.

8.13. Unfreezing Procedure:
• Any application received from an individual/entity regarding unfreezing shall be forwarded to the CNO within two working days, along with the full details of the frozen assets.
This policy ensures TRADEUCARE remains compliant with both domestic and international obligations to prevent money laundering, terrorism financing, and the proliferation of weapons of mass destruction.

8.14. Jurisdictions that do not or insufficiently apply the FATF Recommendations
(a) Consideration of FATF Statements
TRADEUCARE shall refer to the Financial Action Task Force (FATF) Statements circulated by the Reserve Bank of India (RBI) from time to time, as well as publicly available information, to identify jurisdictions that do not apply or insufficiently apply the FATF Recommendations. The associated risks arising from deficiencies in the Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) regimes of such countries shall be carefully assessed and considered in TRADEUCARE’s risk-based framework.
(b) Enhanced Due Diligence for High-Risk Jurisdictions
TRADEUCARE shall pay special attention to all business relationships and transactions involving:
• Persons (including legal persons and financial institutions),
• Countries and jurisdictions listed in FATF Statements as not having adequately implemented FATF Recommendations.
This includes jurisdictions categorized as High-Risk or subject to Increased Monitoring by FATF.
Note: The due diligence requirements mentioned in this section do not prohibit legitimate trade or business transactions with such jurisdictions. However, they must be approached with heightened scrutiny and adequate justification.
(c) Documentation and Reporting Requirements
For any transaction or relationship involving such high-risk countries or entities, TRADEUCARE shall:
• Investigate the background and purpose of the transaction.
• Document written findings along with all supporting documents.
• Maintain these records securely and ensure they are readily available for inspection or submission to the Reserve Bank of India or other competent authorities upon request.
(d) Technological Enablement for Sanctions Screening
TRADEUCARE shall leverage latest technological tools and innovations, including automated name screening solutions, to ensure real-time and effective compliance with international and domestic sanctions requirements. This includes:
• Screening of customers and transactions against FATF watchlists, UNSC lists, OFAC’s SDN list, and other regulatory or sanctions databases.
• Ensuring updated data feeds and robust alert mechanisms to flag any potential matches promptly.

9. Wire Transfer

TRADEUCARE shall ensure that all cross-border wire transfers are accompanied by accurate, complete, and meaningful information relating to both the originator and the beneficiary. This is in line with regulatory expectations for the prevention of money laundering and terrorist financing, and supports traceability of transactions across jurisdictions.

The following details shall be mandatorily captured and included in all cross-border wire transfers:

Originator (Remitter) Information:

a) Full name of the originator (remitter);

b) Originator’s account number (if an account is used to process the transaction);

c) At least one of the following:

• Originator’s residential address,
• National identity number,
• Customer identification number, or
• Date and place of birth.

Beneficiary Information:

d) Full name of the beneficiary;

e) Beneficiary’s account number (if an account is used to process the transaction).

Note: TRADEUCARE shall not accept or process wire transfers where the aforementioned details are incomplete, non-verifiable, or misleading. This measure is critical to ensuring compliance with global AML/CFT standards, including the FATF Recommendations and RBI guidelines.

10. Designated Director

10.1. A “Designated Director” refers to an individual appointed by the Board of TRADEUCARE, responsible for ensuring overall compliance with the obligations prescribed under Chapter IV of the Prevention of Money Laundering Act (PMLA), 2002 and the associated Rules. The Designated Director shall be a senior-level functionary empowered to oversee the institution’s adherence to AML/CFT regulatory requirements.

10.2. The name, designation, official address, and contact details of the Designated Director shall be formally communicated to the Financial Intelligence Unit – India (FIU-IND) and the Reserve Bank of India (RBI), in accordance with regulatory expectations.

10.3. Under no circumstances shall the Principal Officer be nominated as the Designated Director. The roles and responsibilities of both positions must remain distinct to ensure proper oversight and segregation of duties in compliance with applicable laws and regulations.

11. Principal Officer

(a) The Principal Officer of TRADEUCARE shall be responsible for ensuring compliance with the provisions of the Prevention of Money Laundering Act (PMLA), 2002, its associated Rules, and other applicable regulatory guidelines. The Principal Officer shall oversee the monitoring of financial transactions, ensure prompt sharing of relevant information, and submit statutory reports such as Suspicious Transaction Reports (STRs) and Cash Transaction Reports (CTRs) to the Financial Intelligence Unit – India (FIU-IND) as required.

(b) The name, designation, official address, and contact details of the Principal Officer shall be duly communicated to both FIU-IND and the Reserve Bank of India (RBI) in accordance with applicable regulatory requirements.

(c) TRADEUCARE has appointed an Alternate Principal Officer to assist the Principal Officer in fulfilling the responsibilities assigned under the PMLA framework. The Alternate Principal Officer shall act as a support to the Principal Officer and may perform duties in the Principal Officer’s absence, ensuring continuity in compliance functions and regulatory reporting.

12. Secrecy Obligations and Sharing of Information

TRADEUCARE staff shall strictly maintain confidentiality and secrecy regarding customer information that arises from the contractual relationship between TRADEUCARE and its customers. This obligation is fundamental to preserving the trust and integrity of TRADEUCARE’s operations and aligns with legal and regulatory standards governing customer data protection.

When considering any request for customer data or information from government authorities or other external agencies, TRADEUCARE staff shall exercise due diligence to ensure that such disclosure does not violate the provisions of laws relating to the secrecy of financial transactions.

However, exceptions to the obligation of confidentiality shall apply under the following circumstances:

• When disclosure is mandated by law or under any legal compulsion;
• When there exists a duty to the public to disclose such information;
• When TRADEUCARE’s legitimate business interests require such disclosure; or
• When express or implied consent for disclosure has been obtained from the customer.

All disclosures shall be made in a responsible, documented, and legally compliant manner, ensuring that TRADEUCARE’s policies and regulatory obligations are upheld.

13. INTRODUCTION OF NEW TECHNOLOGIES

TRADEUCARE shall proactively identify and assess the Money Laundering (ML) and Terrorist Financing (TF) risks that may emerge in connection with the development and introduction of new products, services, business practices, and delivery mechanisms, including the adoption of new or developing technologies applicable to both new and existing offerings.

In this regard, TRADEUCARE shall ensure the following:

(a) That a comprehensive ML/TF risk assessment is conducted prior to the launch or deployment of any new product, service, practice, delivery mechanism, or technology;

(b) That a risk-based approach is adopted to effectively manage and mitigate the identified risks by implementing appropriate Enhanced Due Diligence (EDD) measures, robust transaction monitoring systems, and other relevant risk control mechanisms.

These assessments shall be properly documented and integrated into the organization’s broader risk management framework, in alignment with regulatory expectations and international best practices.

14. CUSTOMER EDUCATION

The implementation of Know Your Customer (KYC) procedures necessitates that TRADEUCARE staff request specific information from customers, some of which may be personal or previously not required in the course of regular transactions. This may, at times, prompt questions or concerns from customers regarding the purpose and intent behind collecting such information.

To address this and to maintain transparency, TRADEUCARE shall ensure that:

• Informational leaflets and pamphlets (refer to Annexure IV) explaining the objectives and importance of the KYC program are made readily available at all companyes;

• These materials shall serve to educate and reassure customers about the regulatory and compliance framework under which such information is sought;

• Front desk and customer-facing staff shall be appropriately trained to manage such interactions with professionalism and clarity;

• Each company shall maintain an adequate stock of KYC awareness materials to ensure they are accessible for distribution as and when required.

This initiative forms an integral part of TRADEUCARE’s commitment to transparency, regulatory compliance, and customer service excellence.

15. HIRING OF EMPLOYEES AND EMPLOYEE TRAINING

A- Employees’ Training

The effectiveness of TradeuCare’s Anti-Money Laundering (AML), Know Your Customer (KYC), and Combating the Financing of Terrorism (CFT) policies is contingent upon the commitment and vigilance of its staff in identifying and mitigating financial crime risks. To this end, TradeuCare shall implement a comprehensive training program encompassing the following key components:

Training Objectives:

• Understanding Policies and Procedures: Educate staff on the internal policies and procedures designed to prevent money laundering, emphasizing the importance of obtaining a complete set of required documents from customers.

• Identifying Suspicious Transactions: Equip staff with the skills to recognize and appropriately handle suspicious transactions.

Training for New Joiners:

Manager Responsibilities:

• Timely Training: Ensure that new joiners receive training within 30 days of joining, prior to engaging in day-to-day activities, covering the AML/KYC/CFT Policy, Compliance Manual, and Operations Manual.

• Provision of Materials: Provide new joiners with copies of the AML/KYC/CFT Policy, Compliance Manual, and Operations Manual. Obtain acknowledgment and undertaking from staff confirming their understanding and commitment to adhere to the guidelines and procedures outlined in these documents. Maintain copies of these undertakings at the company and forward one copy to the Regional Compliance Manager.

• Training on Circulars: Conduct training sessions on all circulars received from the Head Office periodically.

Compliance Manager Responsibilities:

• Regional Training Oversight: Ensure that all new staff in their region are trained, and individual undertakings are collected and submitted to the Head Office compliance team concerning the AML/KYC/CFT Policy.

• Company Visits: During company visits, impart training on Reserve Bank of India (RBI) regulations, AML/KYC/CFT Policy, and company policies and procedures. Ensure that all staff attend training at least once a year.

• Documentation: Submit training attendance sheets to the Head Office compliance team.

Training Documentation and Oversight:

• Training Register: Maintain a register of all training received by TradeuCare staff. This register shall be regularly updated and overseen by the Alternate Principal Officer or Principal Officer.

• Annual Training Requirement: Ensure that every staff member undergoes training at least once every year.

Personal Accountability:

All staff must be aware of their personal obligations concerning AML/KYC/CFT compliance. Failure to report relevant information to the authorities may result in personal liability.

B- Employees’ Hiring

The Head of Human Resources (HR) shall be responsible for the appointment of personnel across various posts within TradeuCare. Appointments may be made through direct recruitment, internal promotion, or on a contractual basis, as deemed appropriate and in the best interest of the company.

Verification and Conditions of Appointment:

• Reference and Background Verification:
All appointments are contingent upon the receipt of satisfactory references and background verification from previous employers or relevant sources. This may be conducted either prior to the date of joining or, where necessary, post-appointment but prior to confirmation of the employee’s services.

• Scope of Verification:
The background verification shall cover aspects such as character, integrity, and accuracy of personal particulars submitted by the candidate.

• Adverse Findings and Termination:
In the event that it is discovered—at any stage—that the candidate has provided false information, concealed material facts, or otherwise misled the company, or if an adverse report is received concerning their character or integrity, the appointment may be summarily terminated. This provision applies to all categories of staff, including those on probation.

16. RECORD MANAGEMENT

TRADEUCARE is committed to adhering to the provisions of the Prevention of Money Laundering (PML) Act, 2002, and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PML Rules, 2005). In line with these provisions, TRADEUCARE staff shall ensure the following steps are taken for the proper maintenance, preservation, and reporting of customer transaction information:

a) Record Keeping Duration:

• All transaction records with customers shall be maintained for a minimum period of five years from the date of the transaction.

b) Customer Identification and Address Records:

• Records related to the identification of customers and their addresses, obtained during the course of business relationships or transactions, shall be preserved for at least five years after the termination of the business relationship.

c) Availability to Competent Authorities:

• All identification records and transaction data shall be made available to competent authorities upon request, in compliance with regulatory requirements.

d) System for Transaction Record Maintenance:

• TRADEUCARE shall implement a system for maintaining records of transactions as prescribed under Rule 3 of the PML Rules, 2005. This will ensure compliance with regulatory guidelines related to transaction record-keeping.

e) Detailed Transaction Information:

• For each transaction, TRADEUCARE shall ensure the following details are recorded, which will allow for the reconstruction of individual transactions:

o Nature of the transaction

o Amount of the transaction, including the currency denomination

o Date of the transaction

o Parties involved in the transaction

f) Record Maintenance System:

• A robust system shall be established for the proper maintenance and preservation of transaction information. This system should allow for easy and quick retrieval of data, either in hard or soft format, when requested by the competent authorities.

g) Format of Transaction Records:

• Transaction records and customer identification details shall be maintained in both hard and soft formats to ensure compliance with record-keeping requirements.

17. REPORTING TO FINANCIAL INTELLIGENCE UNIT-INDIA

TRADEUCARE acknowledges its responsibility to comply with the provisions of the Prevention of Money Laundering (PML) Act, 2002, and its associated Rules, including the PML (Maintenance of Records) Rules, 2005. As part of its compliance obligations, TRADEUCARE’s Principal Officer shall ensure the following:

a) Reporting to FIU-IND:

• The Principal Officer shall furnish the required information, as specified under Rule 3 of the PML (Maintenance of Records) Rules, 2005, to the Director, Financial Intelligence Unit-India (FIU-IND), in accordance with Rule 7 of the same Rules.

b) Reporting Formats and Tools:

• TRADEUCARE shall adhere to the reporting formats and comprehensive guidelines provided by FIU-IND for the preparation and submission of Suspicious Transaction Reports (STR), Cash Transaction Reports (CTR), and Non-Profit Organization Transaction Reports (NTR).

• TRADEUCARE shall ensure the installation and use of suitable technological tools that assist in extracting and generating CTR, STR, and NTR reports from live transaction data.

c) Confidentiality of STR Reporting:

• The Principal Officer is responsible for maintaining the confidentiality of the Suspicious Transaction Report (STR), ensuring that no tipping off occurs at any level of the organization.

• TRADEUCARE shall ensure that appropriate measures are in place to guarantee that no information about STR submission is disclosed to customers or any unauthorized parties.

18. WHAT IS AN ‘UNUSUAL’ OR ‘SUSPICIOUS’ TRANSACTION?

A Suspicious Transaction refers to any transaction, including an attempted transaction, regardless of whether it is made in cash, which raises reasonable grounds of suspicion in the view of a person acting in good faith. Such transactions may fall into one or more of the following categories:

a) Proceeds of Crime:

• The transaction gives rise to a reasonable ground of suspicion that it may involve the proceeds of an offence as specified in the Schedule to the Prevention of Money Laundering Act (PMLA), 2002, irrespective of the value involved.

b) Unusual or Unjustified Complexity:

• The transaction appears to be made under circumstances of unusual or unjustified complexity, suggesting that it is not a normal or legitimate business transaction.

c) Lack of Economic Rationale or Bona Fide Purpose:

• The transaction appears to lack any legitimate economic rationale or bona fide purpose, which raises concerns regarding its intent or legitimacy.

d) Financing of Terrorism:

• The transaction gives rise to a reasonable ground of suspicion that it may involve the financing of activities related to terrorism. This includes transactions suspected of being linked to, or intended for, terrorism, terrorist acts, or the financing of terrorism by individuals, organizations, or entities associated with such activities.

Explanation:

• Transactions that may be related to the financing of terrorism include any transaction involving funds suspected to be linked to, related to, or intended for use in terrorism, terrorist acts, or by terrorists, terrorist organizations, or those engaged in the financing of terrorism.

19. IDENTIFYING ‘UNUSUAL’ OR ‘SUSPICIOUS’ TRANSACTIONS

Indicators refer to circumstances or patterns that suggest the suspicious nature of a transaction. A suspicious transaction may be identified based on a single indicator or a combination of multiple indicators.

While this list is not exhaustive, it presents some potential situations that could suggest the occurrence of money laundering, particularly when large sums of money are involved. The following are examples of indicators that may raise suspicion:

If a transaction is deemed suspicious, it must be recorded on a Suspicious Transaction Report (STR) form, as specified in Annexure I. The completed form must then be forwarded promptly to the Principal Officer for further investigation and action.

Important: Under no circumstances should the customer be made aware that the Suspicious Transaction Report (STR) is being completed. Disclosing or informing the customer of such action constitutes ‘tipping off’, which is a criminal offense under the relevant money laundering regulations.

20. REPORTING OF SUSPICIOUS ACTIVITY

• Pre-Transaction Reporting: To the extent possible, all suspicious transactions should be reported to the Principal Officer in writing before they are undertaken.

• Post-Transaction Reporting: Full details of all suspicious transactions, whether executed or not, must be reported immediately in writing to the Principal Officer.

• Prior Approval for Suspicious Transactions: Any transaction that appears suspicious may only be undertaken with prior written approval from the Principal Officer.

• Escalation and Reporting to Authorities: If the Principal Officer is reasonably satisfied that a suspicious transaction has or may have resulted in money laundering, a report should be made to the appropriate authority, namely FIU-IND, within the prescribed time period as per the regulatory guidelines.

21. AUDIT/COMPLIANCE

• Monthly Review by Concurrent Auditor: The Concurrent Auditor shall review all transactions on a monthly basis to verify that they have been executed in compliance with the Anti-Money Laundering (AML), Know Your Customer (KYC), and Combating the Financing of Terrorism (CFT) guidelines.

• Reporting Compliance Lapses: Any compliance lapses, as identified by the Concurrent Auditor, should be promptly reported to the Board for further review and action.

• Statutory Auditor’s Certification: A certificate from the Statutory Auditor confirming compliance with the KYC / AML / CFT guidelines should be obtained at the time of preparation of the Annual Report and should be retained for record-keeping and audit purposes.

22. COMPLIANCE OF KYC/AML/CFT POLICY

• Senior Management Responsibility: Designated Director and Principal Officer shall constitute the Senior Management for the purpose of KYC compliance.

• Compliance Team Responsibility: The Compliance Team is responsible for ensuring the effective implementation of policies and procedures related to KYC/AML/CFT. All staff members at the company and regional levels are responsible for adhering to the processes and guidelines prescribed in this policy.

• Independent Auditor’s Evaluation: An Independent Auditor shall evaluate the compliance functions of TRADEUCARE regarding AML/KYC/CFT policies, procedures, and legal/regulatory requirements every two years.

• Concurrent Auditors/Internal Audit System: Concurrent Auditors or the Internal Audit team shall verify the compliance with KYC/AML/CFT policies and procedures at the Company on a monthly basis.

• Audit Reporting: The Audit Team shall submit quarterly audit notes and compliance updates to the Board for review and further action.