ANTI-MONEY LAUNDERING (AML) AND KNOW YOUR CUSTOMER (KYC) POLICY

ANTI-MONEY LAUNDERING (AML) AND KNOW YOUR CUSTOMER (KYC) POLICY

• Prevention of Money Laundering Act, 2002 (PMLA) and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005
• Reserve Bank of India (RBI) Master Direction — Know Your Customer (KYC) Direction, 2016 (as amended from time to time)
• Financial Intelligence Unit — India (FIU-IND) Guidelines
• Foreign Exchange Management Act, 1999 (FEMA)
• Unlawful Activities (Prevention) Act, 1967 (UAPA)
• Information Technology Act, 2000
• Payment and Settlement Systems Act, 2007
• All circulars, notifications, and directions issued by RBI, FIU-IND, and other competent authorities from time to time

Term	Meaning
Money Laundering	The process of concealing the origins of illegally obtained funds by passing them through a complex sequence of banking transfers or commercial transactions
Terrorist Financingr	Providing or collecting funds with the intention that they be used to carry out terrorist acts
KYC	Know Your Customer — the mandatory process of verifying the identity of Users before and during the course of providing services
AML	Anti-Money Laundering — measures taken to prevent, detect, and report money laundering activities
CDD	Customer Due Diligence — the process of identifying and verifying a customer's identity and assessing associated risks
EDD	Enhanced Due Diligence — additional verification measures applied to high-risk customers
SDD	Simplified Due Diligence — reduced verification measures applicable to low-risk customers
PEP	Politically Exposed Person — an individual who holds or has held a prominent public function
STR	Suspicious Transaction Report — a report filed with FIU-IND upon detection of a suspicious transaction
CTR	Cash Transaction Report — mandatory report for cash transactions above prescribed thresholds
Beneficial Owner	The natural person who ultimately owns or controls a customer or on whose behalf a transaction is conducted
FIU-IND	Financial Intelligence Unit — India, the national agency responsible for receiving and analyzing financial intelligence
PMLA	Prevention of Money Laundering Act, 2002
FATF	Financial Action Task Force — the international standard-setting body for AML/CFT measures
High-Risk Customer	A customer assessed to pose elevated risk of money laundering or financial crime
User	Any registered individual, retailer, distributor, or API partner using the Cashmo Platform

• All Users registered on the Cashmo Platform including individuals, retailers, distributors, and API Partners.
• All financial transactions processed through the Platform regardless of value or nature.
• All employees, officers, directors, agents, and contractors of Cashmo who handle financial transactions or customer data.
• All API Partners accessing Cashmo services through authorized integrations.
• All business relationships and transactions conducted through or facilitated by the Cashmo Platform.

• Prevent the Cashmo Platform from being used as a channel for money laundering, terrorist financing, or any other financial crime.
• Establish robust Know Your Customer procedures to verify the identity of all Users before and during the provision of services.
• Implement effective transaction monitoring systems to detect suspicious activity.
• Ensure timely and accurate reporting of suspicious transactions to FIU-IND and other competent authorities.
• Maintain complete and accurate records of all transactions and KYC documents as required by law.
• Ensure full compliance with all applicable AML and KYC laws, regulations, and guidelines.
• Protect Cashmo's reputation and operational integrity from association with financial crime.

• Cashmo shall accept Users only after satisfactory completion of the applicable Customer Due Diligence (CDD) process.
• Cashmo shall not open or maintain accounts for:
  • Anonymous or fictitious persons.
  • Persons using false names or fabricated identities.
  • Persons on government-issued sanctions or watch lists.
  • Entities whose beneficial ownership cannot be determined.
  • Persons previously barred from the Platform for AML violations.
  • Persons whose source of funds cannot be reasonably established.
• Cashmo reserves the right to decline any User registration without assigning reasons where the applicable KYC or CDD requirements cannot be satisfactorily met.

• Identity Proof (any one):
  • Aadhaar Card (as per UIDAI guidelines)
  • PAN Card
  • Passport
  • Voter Identity Card
  • Driving License
• Address Proof (any one):
  • Aadhaar Card
  • Passport
  • Utility Bill (not older than 3 months)
  • Bank Account Statement (not older than 3 months)
  • Driving License
• Additional Information:
  • Full legal name (as per government-issued ID)
  • Date of birth
  • Mobile number (OTP verified)
  • Email address
  • Photograph (recent)
  • PAN Card (mandatory for transactions above prescribed thresholds)

• Certificate of Incorporation or Business Registration Certificate.
• PAN Card of the entity.
• GST Registration Certificate (where applicable).
• Memorandum and Articles of Association (for companies).
• Partnership Deed (for partnerships).
• Board Resolution authorizing the account opening and designating the authorized signatory.
• KYC documents of all directors, partners, or beneficial owners holding 10% or more ownership.
• Proof of registered business address.

• All identity documents shall be verified against the original or through authorized electronic verification channels including:
  • Aadhaar OTP / biometric authentication via UIDAI
  • PAN verification via Income Tax Department / NSDL
  • Bank account verification via NPCI / penny drop
• Physical document verification may be required for high-value or high-risk accounts.
• Video KYC may be conducted in accordance with RBI guidelines on Video-based Customer Identification Process (V-CIP).

• Transaction volumes are low and consistent with the User's stated purpose.
• The User's identity is verifiable through reliable government databases.
• The nature of the service requested poses minimal money laundering risk.
• The User's geographical location and profile do not present elevated risk indicators.

• Politically Exposed Persons (PEPs):
  • Individuals who hold or have held prominent public functions including heads of state, senior government officials, senior judicial or military officials, senior executives of state-owned enterprises.
  • Immediate family members and close associates of PEPs shall also be subject to EDD.
• High-Risk Geographies:
  • Users residing in or transacting with jurisdictions identified by FATF as high-risk or non-cooperative.
  • Users transacting with countries subject to UN, Government of India, or RBI sanctions.
• High-Value Transactions:
  • Users conducting transactions above prescribed thresholds as determined by Cashmo's risk assessment.
• Unusual Transaction Patterns:
  • Users whose transaction patterns are inconsistent with their stated profile or purpose.
• Adverse Media and Watch List Matches:
  • Users identified through adverse media screening or sanctions list checks.

• Additional identity verification documents.
• In-person or Video KYC verification.
• Source of funds declaration and verification.
• Source of wealth documentation.
• Increased transaction monitoring frequency.
• Senior management approval for account opening or continuation.
• Regular periodic reviews of the business relationship.

• Cashmo shall conduct periodic reviews of User KYC information to ensure it remains accurate, current, and complete.
• Review frequency shall be determined by the User's risk classification:

  Risk Category	KYC Review Frequency
  Low Risk	Every 2 years
  Medium Risk	Every 1 year
  High Risk	Every 6 months
  PEPs	Every 6 months

• Users shall be notified in advance of upcoming KYC review requirements and must submit updated documents within the stipulated period.
• Failure to complete periodic KYC review within the stipulated period shall result in transaction restrictions or account suspension until compliance is achieved.

• Users are required to promptly inform Cashmo of any change in the following:
  • Name (in case of marriage or legal name change)
  • Residential or business address
  • Contact details including mobile number and email
  • Business structure or beneficial ownership
  • Any change in PEP status
• Updated KYC documents must be submitted within 30 days of any such change.

Risk Parameter	Factors Considered
Customer Risk	Occupation, business type, PEP status, adverse media
Geographic Risk	Location, cross-border transaction exposure
Product / Service Risk	Nature of services used, transaction types
Transaction Risk	Volume, frequency, amounts, patterns
Channel Risk	Mode of onboarding, transaction channel

Risk Category	Description
Low Risk	Salaried individuals, small retailers with low transaction volumes, standard domestic transactions
Medium Risk	Self-employed individuals, SMEs, moderate transaction volumes
High Risk	PEPs, large cash transactions, cross-border exposure, high-value accounts, unusual patterns

• Risk classifications shall be reviewed periodically and upon any material change in the User's profile or transaction behavior.
• A User's risk classification may be upgraded at any time upon detection of risk indicators without prior notice.

• Review the User's submission and all supporting documents provided.
• Verify transaction records and system logs relevant to the grievance.
• Coordinate with relevant internal departments for technical or financial verification.
• Liaise with third-party service providers where the grievance involves an external service delivery failure.

• Monitor all transactions on the Platform in real time.
• Detect unusual, suspicious, or anomalous transaction patterns.
• Generate alerts for transactions that breach prescribed thresholds or exhibit suspicious characteristics.
• Enable timely investigation and reporting of suspicious activity.

• Transactions that are inconsistent with the User's stated occupation, income, or business profile.
• Sudden and unexplained increase in transaction volume or frequency.
• Multiple transactions just below reporting thresholds — indicative of structuring.
• Transactions involving multiple beneficiaries in rapid succession without apparent business reason.
• Deposits followed immediately by withdrawals or transfers to unrelated accounts.
• Transactions involving jurisdictions or counterparties on sanctions lists or FATF high-risk countries.
• Use of multiple accounts or devices to conduct transactions that appear coordinated.
• Transactions funded by multiple sources that are inconsistent with the User's profile.
• Refusal by the User to provide satisfactory explanation for unusual transactions.
• Requests to split transactions to avoid reporting thresholds.
• Any transaction that lacks a clear and legitimate economic purpose.

• Cash Transaction Reports (CTR):Cashmo shall file CTRs with FIU-IND for all cash transactions of ₹10,00,000 (Rupees Ten Lakhs) or above within a calendar month, whether conducted as a single transaction or a series of related transactions.
• Suspicious Transaction Reports (STR):Cashmo shall file STRs with FIU-IND within 7 working days of forming a reasonable suspicion that a transaction involves proceeds of crime or is connected to money laundering or terrorist financing, regardless of the transaction amount.
• Non-Profit Organization Transactions (NTR):Cashmo shall file NTRs for transactions involving non-profit organizations as required under PMLA Rules.
• Cross-Border Wire Transfer Reports (CWTR):Where applicable, Cashmo shall file CWTRs for cross-border transactions above prescribed thresholds.

• Cashmo shall screen all Users and transactions against the following lists at onboarding and on an ongoing basis:
  • United Nations Security Council (UNSC) Sanctions List
  • Government of India — Ministry of Home Affairs Designated Terrorist List
  • OFAC (Office of Foreign Assets Control) Sanctions List
  • RBI and FIU-IND watch lists
  • Any other list notified by competent Indian authorities
• Any match or potential match against a sanctions list shall result in:
  • Immediate freezing of the User's account and transactions.
  • Escalation to Cashmo's Compliance Officer.
  • Mandatory reporting to FIU-IND and other competent authorities.
  • No further transactions shall be processed until the matter is fully resolved.
• Screening shall be conducted using automated systems with periodic manual review to ensure accuracy and minimize false positives.

• Any employee,agent, or representative of Cashmo who becomes aware of or suspects any money laundering, terrorist financing, or financial crime activity must immediately report the matter to the designated Compliance Officer through the internal reporting channel.
• Internal reports must be submitted in writing and shall include:
  • Name and User ID of the suspected individual or entity.
  • Description of the suspicious activity or transaction.
  • Transaction reference numbers and amounts involved.
  • Dates and timeline of the suspicious activity.
  • Any supporting evidence or documentation available.
• All internal reports shall be treated with strict confidentiality. The identity of the reporting employee shall be protected at all times.
• No employee shall face any adverse employment consequence for making a genuine internal report in good faith.

• Cashmo shall submit the following mandatory reports to Financial Intelligence Unit — India (FIU-IND) through the FINnet portal in the prescribed format and within stipulated timelines:

  Report Type	Threshold	Filing Timeline
  Cash Transaction Report (CTR)	Cash transactions of ₹10,00,000 or above in a month	Within 15 days of the end of the month
  Suspicious Transaction Report (STR)	Any amount — based on suspicion	Within 7 working days of suspicion being formed
  Non-Profit Organization Transaction Report (NTR)	Transactions by NGOs / NPOs	Within 15 days of the end of the month
  Cross-Border Wire Transfer Report (CWTR)	As prescribed	Within 15 days of the end of the month

• Cashmo shall designate a Principal Officer who shall be responsible for all regulatory filings with FIU-IND and shall be the primary point of contact for FIU-IND.
• All reports filed with FIU-IND shall be accurate, complete, and submitted within the prescribed deadlines without exception.

• Once a Suspicious Transaction Report (STR) has been filed or is being prepared, no employee, officer, or representative of Cashmo shall disclose or hint to the User that their account or transaction is under investigation or that a report has been or is being filed.
• Disclosure of an STR filing to the subject of investigation — commonly referred to as "tipping off" — is a criminal offence under the Prevention of Money Laundering Act, 2002, and shall attract severe penalties.
• Any employee found to have tipped off a User or third party about an STR or AML investigation shall be subject to immediate disciplinary action and criminal referral.

• Cashmo shall designate a qualified Compliance Officer who shall be responsible for the implementation, oversight, and enforcement of this Policy.
• The Compliance Officer shall be a senior management level official with appropriate authority, resources, and independence to carry out compliance responsibilities effectively.

• Overseeing the implementation of all AML and KYC procedures across the Platform.
• Receiving and reviewing all internal suspicious activity reports from employees.
• Making final decisions on filing STRs, CTRs, and other mandatory reports with FIU-IND.
• Serving as the Principal Officer for all FIU-IND regulatory communications and filings.
• Maintaining all AML and KYC records as required under applicable law.
• Conducting and overseeing AML training programs for all relevant employees.
• Keeping abreast of all changes in AML and KYC laws, regulations, and guidelines and updating this Policy accordingly.
• Conducting periodic internal audits of AML and KYC compliance.
• Reporting to senior management and the Board of Directors on the state of AML compliance on a regular basis.
• Liaising with RBI, FIU-IND, law enforcement, and other competent authorities on all AML and KYC matters.

• Cashmo shall conduct mandatory AML and KYC training for all employees, agents, and representatives who are involved in:
  • Customer onboarding and KYC verification.
  • Transaction processing and monitoring.
  • Customer support and grievance handling.
  • Financial reporting and compliance.
• Training shall cover the following topics as a minimum:
  • Overview of PMLA, RBI KYC Directions, and FIU-IND guidelines.
  • Customer Due Diligence and KYC verification procedures.
  • Recognition of suspicious transaction indicators.
  • Internal reporting procedures and obligations.
  • Tipping off prohibition and consequences.
  • Record keeping requirements.
  • Consequences of non-compliance for the individual and the organization.
• Training shall be conducted:
  • At the time of joining for all new employees.
  • Annually for all existing employees.
  • Immediately upon any material change in applicable laws or this Policy.
• All training sessions shall be documented and records of attendance maintained for a minimum period of 5 years.
• Employees who fail to complete mandatory AML training within prescribed timelines shall be restricted from performing functions involving customer transactions until training is completed.

• All KYC documents collected from Users including identity proof, address proof, photographs, and business documents.
• Records of all transactions processed through the Platform including transaction amounts, dates, parties involved, and reference numbers.
• All correspondence and communications relating to KYC verification and AML investigations.
• All internal suspicious activity reports and related investigation records.
• All STRs, CTRs, and other regulatory reports filed with FIU-IND.
• Records of all sanctions screening checks conducted.
• Employee AML training records.
• Risk assessment and customer risk classification records.

Record Type	Minimum Retention Period
KYC Documents	5 years from the date of account closure
Transaction Records	5 years from the date of the transaction
STR / CTR filings	5 years from the date of filing
Internal investigation records	5 years from the date of closure of investigation
Employee Training Records	5 years from the date of training
Sanctions Screening Records	5 years from the date of screening

• All records shall be maintained in a manner that allows them to be retrieved promptly upon request by competent authorities.
• Records may be maintained in electronic or physical format provided they are secure, legible, and complete.
• Electronic records shall be backed up regularly and protected against unauthorized access, alteration, or destruction.
• All records shall be made available to RBI, FIU-IND, law enforcement agencies, and other competent authorities upon lawful request without delay.

• Detection of suspicious transaction patterns indicative of money laundering or terrorist financing.
• A User's identity cannot be verified or KYC documents are found to be false or forged.
• A User is identified on a sanctions list or designated terrorist list.
• Receipt of a direction from RBI, FIU-IND, law enforcement, or any other competent authority.
• A User refuses to provide required KYC documents or information within stipulated timelines.
• Detection of structuring behavior — deliberately splitting transactions to avoid reporting thresholds.
• Any other circumstance where continuation of the account presents an unacceptable AML risk.

• Account freezing shall be effected immediately upon detection of a trigger event.
• The User shall be notified of the account restriction to the extent permitted by law and without compromising any ongoing investigation or tipping off obligations.
• The matter shall be immediately escalated to the Compliance Officer.
• The Compliance Officer shall review the case and determine appropriate next steps including STR filing, law enforcement referral, or account restoration.
• If the account restriction is found to be erroneous following investigation, the account shall be restored promptly and the User notified accordingly.

• Funds held in a frozen account shall remain in the account pending resolution of the investigation.
• Cashmo shall not be liable for any loss, inconvenience, or consequential damage arising from a lawful account freeze conducted in good faith for AML compliance purposes.
• Release of frozen funds shall be subject to clearance by the Compliance Officer and, where applicable, directions from competent authorities.

• Provide accurate, complete, and truthful KYC information and documents at the time of registration and upon any subsequent request from Cashmo.
• Promptly update KYC information upon any change in personal, financial, or business circumstances.
• Cooperate fully with Cashmo's KYC verification, transaction monitoring, and AML investigation processes.
• Declare their source of funds and source of wealth when requested by Cashmo.
• Disclose their PEP status accurately at the time of registration and upon any change in status.
• Refrain from conducting or facilitating any transaction that constitutes or is connected to money laundering, terrorist financing, or any other financial crime.
• Not structure transactions in a manner designed to evade reporting thresholds or regulatory oversight.
• Not use the Platform on behalf of undisclosed third parties or beneficial owners.

• Immediate and permanent account termination.
• Forfeiture of Wallet balance pending legal and regulatory proceedings.
• Mandatory reporting to FIU-IND, law enforcement agencies, and other competent authorities.
• Civil recovery action for any losses caused to Cashmo or third parties.
• Criminal prosecution under PMLA, UAPA, IPC / BNS, and other applicable laws, which may result in imprisonment and financial penalties.

• Facilitated or assisted money laundering or terrorist financing.
• Failed to report suspicious activity as required.
• Tipped off a User about an STR or investigation.
• Falsified KYC records or documentation.

• Immediate termination of employment or engagement.
• Criminal referral to law enforcement authorities.
• Civil recovery action where applicable.

• Cashmo shall conduct internal AML compliance audits at least once every year to assess:
  • Adequacy and effectiveness of KYC procedures.
  • Quality and completeness of transaction monitoring.
  • Timeliness and accuracy of regulatory filings.
  • Adequacy of employee training.
  • Compliance with record keeping requirements.
• Audit findings shall be reported to senior management and the Board of Directors with recommendations for improvement.
• Identified deficiencies shall be remediated within defined timelines with accountability assigned to relevant personnel.
• Cashmo shall also be subject to external audits by RBI, FIU-IND, or other competent authorities as applicable and shall cooperate fully with such audits.

• Cashmo reserves the right to amend, update, or revise this AML and KYC Policy at any time to reflect changes in applicable law, regulatory guidelines, or business practices.
• All amendments shall be approved by the Compliance Officer and senior management prior to implementation.
• Material changes shall be communicated to registered Users via email or SMS at least 7 days prior to the effective date.
• Updated Policy shall be published on the Platform with a revised effective date and version number.
• Continued use of the Platform following the effective date of any amendment shall constitute acceptance of the revised Policy.

• Prevention of Money Laundering Act, 2002
• Prevention of Money Laundering (Maintenance of Records) Rules, 2005
• RBI Master Direction on KYC, 2016 (as amended)
• Foreign Exchange Management Act, 1999
• Unlawful Activities (Prevention) Act, 1967
• Information Technology Act, 2000
• Payment and Settlement Systems Act, 2007

Role	Email	Purpose
Compliance Officer	compliance@cashmo.in	AML / KYC matters
Customer Support	support@cashmo.in	General KYC queries
Legal Department	legal@cashmo.in	Legal and regulatory matters

• You have read and fully understood this Anti-Money Laundering and KYC Policy.
• You agree to comply with all KYC requirements and provide accurate and complete documentation.
• You confirm that You are not engaged in any money laundering, terrorist financing, or financial crime activity.
• You acknowledge that non-compliance with this Policy may result in account termination, regulatory reporting, and criminal prosecution.
• You undertake to promptly update Your KYC information upon any material change in Your circumstances.