KNOW YOUR CUSTOMER (KYC/KYB) POLICY

1. INTRODUCTION

Vinus International Ltd. is a private limited company, incorporated under the laws of Anjouan, having company registration no. 15712 (“Vinus” / “Company”), under the International Business Companies Act 004 of 2005 as an International Business Company limited by shares, with registered office at Hamchako, Mutsamadu, the Autonomous Island of Anjouan, Union of Comoros.

Vinus is in the business of providing game platform solutions for corporations, and the general public and non-residents of the Autonomous Island of Anjouan.

1.1. Changes to this Policy

Under any subsequent amendments or any statutory modifications or re-enactments in the regulations and laws within the Union of Comoros, including THE COMPUTER GAMING LICENSING ACT 007 OF 2005 and ANJOUAN MONEY LAUNDERING (PREVENTION) ACT 008 OF 2005, KYC/AML and CFT guidelines from relevant organizations like FATF, the Company board is empowered to effect changes or amendments to this Policy and to other parameter(s) framed by the Board, subject to recommendation of the Risk and Compliance team.

2. DEFINITION

2.1. “Customer”, “Client” means:

  • 2.1.1. an individual or entity engaged in a business relationship with the Company;
  • 2.1.2. an individual utilizing services provided by the Company;
  • 2.1.3. a natural person for whom an account is maintained, known as the beneficial owner, defined as an individual(s), whether acting alone, collectively, or through one or more legal entities, exercising controlling ownership interest or control through other means. For identification purposes, controlling ownership interest entails ownership of or entitlement to more than 10 percent of the shares, capital, or profits of the Company or partnership firm.
  • 2.1.4. any individual or entity associated with service transactions or activities that could pose significant reputational or other risks to the Company.

2.2. Client Due Diligence (CDD) involves the identification and verification of the client (or beneficial owner, as applicable) using reliable and independent sources of identification.

  • a. Client identification, verification of identity using reliable and independent sources, and obtaining information on the purpose and intended nature of the business relationship, where applicable.
  • b. Taking reasonable steps to understand the nature of the client's business, ownership, and control.
  • c. Determining whether a client is acting on behalf of a beneficial owner, identifying the beneficial owner, and undertaking all necessary steps to verify their identity using reliable and independent sources.

2.3. Client identification refers to the process of undertaking CDD.

2.4. Digital Signature holds the same meaning as defined as the electronic signature.

2.5. Designated Director is an individual appointed by the Board to ensure overall compliance with the company’s obligations.

2.6. Money Laundering carries the meaning ascribed under Comoran Law.

2.7. Politically Exposed Persons (PEPs) are individuals who hold or have held prominent public functions in a foreign country, including Heads of States/Governments, senior politicians, government or judicial or military officers, senior executives of state-owned corporations, and significant political party officials.

2.8. Compliance Officer refers to a management-level officer nominated by the Board, responsible for fulfilling obligations under Anjouan laws.

2.9. Suspicious Transaction includes a "transaction," as defined below, or an attempted transaction, irrespective of the value involved, which, to a person acting in good faith:

  • a. gives rise to a reasonable suspicion of involving proceeds of an offense;
  • b. appears to be made in circumstances of unusual or unjustified complexity;
  • c. appears to lack economic rationale or bona fide purpose; or
  • d. gives rise to a reasonable suspicion of involving financing of terrorism-related activities.

2.10. Transaction encompasses:

  • A purchase, sale, loan, pledge, gift, transfer, delivery, or arrangement thereof, including deposits, withdrawals, exchanges, or transfers of funds in any currency, whether in cash, by check, payment order, or other instruments, or by electronic or non-physical means; any payment made or received in fulfillment of a contractual or legal obligation;

3. KYC REQUIREMENTS

3.1. Customer Acceptance Policy (“CAP”) is covered in Annexure 1.

3.2. Customer Identification Procedures (“CIP”) are given in Annexure 2.

3.3. CDD Procedures are provided in Annexure 3.

3.3.1. KYC Recording Procedure:

The Company will collect KYC data for storage in the KYC Register, following the KYC templates designated for 'individuals' and 'Legal Entities' as appropriate, and as periodically revised.

The Company will upload, or update KYC information related to individual customer accounts during scheduled updates or sooner upon receipt of updated KYC data from the customer.

Refer to Annexure 3 for a detailed CDD procedure.

3.4. Record Management is covered in Annexure 4.

3.5. Risk Management is covered in Annexure 5.

3.6. Enhanced Due Diligence (EDD) measures are covered in Annexure 6

3.7. Appointment of Principal Officer:

The Company will designate a Money Laundering Compliance Officer (MLCO), tasked with overseeing and reporting on all transactions and information-sharing obligations mandated by law. The MLCO will establish and maintain strong connections with law enforcement agencies, financial institutions, and any other relevant entities engaged in efforts to combat money laundering and terrorism financing.

3.8. Appointment of Designated Director:

The Company shall appoint a Designated Director in terms of the obligations under the applicable laws.

3.9. Ongoing Due Diligence:

The Company shall conduct continuous due diligence on customers to ensure that their transactions align with the Company's understanding of the customers, their business activities, risk profile, and the source of funds, including cash or wealth.

The extent of transaction monitoring will be tailored according to the account's risk profile. The Company will strive to comprehend the typical customer activity to identify transactions deviating from the norm. Special attention will be devoted to complex, unusually large transactions, and patterns devoid of apparent economic or lawful purpose. The Company will adhere to a management-approved standard operating procedure (SOP) to classify cases as High, Medium, or Low Risk.

Appropriate thresholds will be established based on customer risk categorization to ensure heightened monitoring. When reviewing alerts, attention will be directed toward the customer's background, identity, financial status, business nature, origin country, fund sources, geographical risk, transaction types, products/services offered, and delivery channels.

To adhere to AML/CFT policies, the Company utilizes a client-provided database to screen new account opening applications against designated watch lists. Upon identifying a true match, besides preventing customer onboarding, the Company promptly reports to relevant authorities. Lists are periodically updated, and screening is also conducted during fresh loan disbursement for existing customers. Additionally, the Company will undertake necessary countermeasures when prompted by any international or intergovernmental organization recognized by the Central Government of Anjouan.

Periodic risk assessments are essential to identify, assess, and mitigate money laundering and terrorist financing risks concerning clients, countries, or geographic areas. However, such assessments will not be applicable to the Company, considering relevant risk factors and the overall risk level based on its products, services, transaction size, and delivery channels. The frequency of risk assessment will be determined by the Board or its delegated committee, reviewed at least annually.

The Company will adopt a Risk-Based Approach (RBA) for mitigating and managing identified risks, implementing a Customer Due Diligence (CDD) program tailored to the identified AML/CFT risks and business size. Moreover, the Company will monitor control implementation and enhance them as necessary during risk assessment reviews.

3.10. Reporting of Transactions:

Further, the Company shall be guided by MLCO advice for necessary actions to be taken, including additional measures (if any) for managing the ML/TF risk(s), for the reporting requirements and procedures based on applicable laws.

3.11. Training Program:

The Company will maintain an ongoing training program for its employees to ensure they possess adequate knowledge of KYC/AML procedures and stay abreast of evolving KYC/AML/CFT regulations both domestically and internationally.

Training initiatives will be tailored to the specific needs of frontline staff, compliance personnel, and individuals handling new customer interactions, ensuring comprehensive understanding and consistent implementation of KYC policies and norms.

3.12. Internal Control System:

The Company's Internal Audit and Compliance functions will assess and ensure adherence to KYC policies and procedures. The compliance function will independently evaluate the Company’s policies, procedures, and compliance with legal and regulatory requirements. Management, overseen by Vinus International Ltd., ensures that internal auditors include KYC procedure review within their scope of work and maintain a proficient team. Internal Auditors will specifically examine and verify KYC procedure applications at branches, highlighting any observed deficiencies. Audit findings and compliance will be presented to the Audit Committee annually.

Furthermore, the Company will establish a rigorous screening mechanism as an integral part of its personnel recruitment process to prevent individuals with criminal backgrounds from accessing and potentially exploiting financial channels.

MLCO (Money Laundering Compliance Officer) after obtaining the due approval from the Board shall make the necessary amendments/modifications in this Policy or such other related guidance notes of the Company, to be in line with statutory authority’s requirements/updates/ amendments from time to time.

Annexure-1

Customer Acceptance Policy

1. The Company shall ensure that:

1.1. No accounts shall be established under anonymous or fictitious/benami names.

1.2. No accounts shall be opened where the Company is unable to implement appropriate Customer Due Diligence (CDD) measures, either due to customer non-cooperation or the unreliability of documents/information provided by the customer. Should the Company encounter such circumstances, it shall consider filing a Suspicious Transaction Report (STR) as necessary.

1.3. No transactions or account-based relationships shall be initiated without adhering to the CDD procedure.

1.4. The mandatory information required for Know Your Customer (KYC) purposes during account opening and periodic updates shall conform to the specifications outlined in this Policy, subject to amendments or specifications made periodically.

1.5. Additional information, not explicitly outlined in this Policy, shall only be obtained with the explicit consent of the customer.

1.6. An appropriate system shall be established to ensure that customer identities do not match any individuals or entities listed in watch lists.

1.7. In cases where an equivalent electronic document is provided by the customer, the Company shall verify the digital signature with confirmation from a certificate or official document issued by the authority of the jurisdiction where the customer has resided for the past five years.

1.9. If the customer or beneficial owner is identified as a Politically Exposed Person (PEP), such status shall be promptly brought to the attention of the MLCO and Designated Director for their approval.

2. The Company undertakes that this customer acceptance policy shall not result in the denial of its services to clients who are members of the general public, especially those who are in the minority category.

3. Where the company forms a suspicion of money laundering or terrorist financing, and it reasonably believes that performing the ECDD (Enhanced Customer Due Diligence) process will tip-off the customer, it shall not pursue the ECDD process, but instead file an STR to the authority.

Annexure-2

Customer Identification Procedures (CIP)

Customer identification shall be undertaken at the time of commencement of an account-based/transaction-based relationship which includes identifying the Company’s customers, verifying their identities, obtaining information on the purpose and intended nature of the business relationship; and determining whether a client is acting on behalf of a beneficial owner, and identify the beneficial owner and take all steps to verify the identity of the beneficial owner.

1. The Company shall undertake the identification of customers in the following cases:

1.1. Commencement of an account-based/transaction-based relationship with the customer;

1.2. When there is doubt about the authenticity or adequacy of the customer identification data it has obtained;

- The Company shall obtain satisfactory evidence of customer identity based on perceived risks at the onset of the relationship or account opening. Such evidence shall be substantiated by reliable independent documents, data, information, or other means, including physical verification. Additionally, the Company may conduct seamless, secure, real-time, consent-based audio-visual interactions with customers to obtain identification information and verify the accuracy of provided information through reliable and independent sources of identification.

1. For conducting Customer Due Diligence (CDD), the Company shall undergo the KYC process and obtain documents and information (as specified in Annexure-3 CDD Procedures) from individual or corporate customers during the establishment of an account-based relationship or when dealing with individuals acting as beneficial owners, authorized signatories, or power of attorney holders for any legal entity.

2. Additional documentation may be obtained from the customers with higher risk perception as may be deemed fit. This shall be done having regard but not limited to location (registered office address, correspondence address, and other addresses as may be applicable), nature of business activity, and monitoring of transactions in the account:

For identification of the restricted countries, the company shall restrict its services to the customers with registered offices and/or residences in the following restricted countries:

  • Austria
  • France and its territories
  • Germany
  • Netherlands and its territories
  • Spain
  • Union of Comoros
  • United Kingdom
  • USA and its territories
  • All FATF Blacklisted countries, and any other jurisdictions deemed prohibited by Anjouan Offshore Financial Authority.

3. While undertaking customer identification, the Company will ensure that:

  • Decision-making functions regarding compliance with KYC norms are not outsourced.
  • Customers are not obligated to provide separate proof of address for permanent and current addresses if they differ. If the provided proof of address corresponds to the customer's current residence, a declaration shall be obtained regarding their local address for correspondence. The local correspondence address, for which proof of address is unavailable, shall be verified through positive confirmation methods such as address verification letters, contact point verification, deliverables, etc.
  • In case of a change in the address stated on the proof of address, fresh proof of address must be obtained within two (2) months.
  • A Unique Customer Identification Code (UCIC) shall be assigned to customers upon the establishment of new relationships with the Company.

4. Periodic Update of KYC data

The company shall implement periodic updates, conducted at least once every two years for high-risk customers, once every eight years for medium-risk customers, and once every ten years for low-risk customers, commencing from the account opening date or the last KYC update, or when relevant documents expire. The following approach shall govern periodic updates:

No Change in KYC Information: If there are no alterations in the KYC information, the customer shall provide a self-declaration through registered email, mobile number, digital platforms (such as mobile applications), or written correspondence.

Address Change: In the event of a change solely in the customer's address details, the customer shall provide a self-declaration of the new address via registered email, mobile number, digital platforms, or written correspondence. The declared address shall be verified through positive confirmation within two months.

Moreover, the Company shall ensure:

  • Availability and Currency of KYC Documents: The customer's KYC documents, compliant with prevailing Customer Due Diligence (CDD) standards, must be accessible and regularly updated, even if there are no changes in customer information. If the validity of existing CDD documents has expired during the periodic KYC update, the KYC process equivalent to that required for new customer onboarding shall be followed.
  • Acknowledgment and Record Updates: Customers shall receive acknowledgment of document receipt, including self-declarations, for periodic update purposes. Furthermore, obtained information/documents during the periodic KYC update shall be promptly updated in records/databases, and customers shall be informed of the KYC details' update date.

5. The Company shall notify Customers to adhere to the KYC policy in the event of any updates to the documents provided by the Customer during the establishment of the business relationship or account-based relationship. Subsequently, Customers shall furnish the updated documents to the Company within 30 (thirty) days of such updates, as required.

Annexure-3

Customer Due Diligence Procedures

A. Customer Due Diligence

For undertaking CDD, the Company shall obtain the following while establishing an account-based/transaction-based relationship or while dealing with the individual who is a beneficial owner, authorized signatory, or the power of attorney holder related to any legal entity:

  • Documents should be issued or certified within 2 months:
    • A copy of the Government Issued Photo ID (in some cases front and back depending on the ID document) that shows name, signature, date of birth, and national identification number.
    • Proof of Address
    • Bank Statement
    • Customer Application form
    • Certificate of Good Standing
    • Source of Wealth Declaration Form
    • PEP form
    • CV (when applicable)
    • Live photo or a video of the customer with his identification document. (If necessary)
  • The customer should be more than 18 years of age.

In the case of corporate clients, in addition to the above documents, they need to provide the basic company documents as follows:

  • Certificate of Incorporation
  • Memorandum of Association and/or Articles of Incorporation
  • Certificate of Good Standing
  • Shareholder Register
  • Officer Register
  • Proof of Address

B. Enhanced Due Diligence (“EDD”)

The Company may apply enhanced due diligence (EDD) measures for higher-risk customers. These measures may include:

  • Obtaining additional identification documents and financial information.
  • Obtaining further information on the source of funds or source of wealth of the customer if the initial document provided in the initial stage of Customer Due Diligence seems insufficient.
  • Conducting independent third-party verification of customer information.
  • More frequent monitoring of customer activity.
  • Reviewing generally available public information such as media reports to determine whether the client has been subject to any criminal or civil enforcement action based on violations of AML/CFT Law.

For non-face-to-face customer onboarding:

If the Company shall undertake non-face-to-face onboarding of customers, this must be done through the use of digital channels such as equivalent e-document. The Company shall ensure that any and all transactions shall be permitted only from the mobile number and/or registered email used for account opening. The Company shall not link alternate mobile numbers. Any request for a change to the mobile number or email address must be sent from the registered point of communication.

Annexure-4

Record Management

  1. The following steps shall be taken regarding the maintenance, preservation, and reporting of customer information, with reference to the provisions of the Company’s AML/CFT procedures.
  2. The Company shall:
    1. Maintain all necessary records of transactions between the Company and the Customer including the walk-in customers, both domestic and international, for at least 10 (ten) years from the date of transaction.
    2. The Company should ensure that the customer shall be provided with an option to give or deny consent for the use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/ forget the data, as provided for in Digital Lending Guidelines issued by RBI.
    3. Preserve the records pertaining to the identification of the Customers and their addresses obtained while opening the account and during the course of the business relationship, for at least 5 (five) years after the business relationship is ended;
    4. Make available swiftly the identification records and Transaction data to the competent authorities upon request.
    5. Evolve a system for proper maintenance and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities;

Annexure-5

Risk Management

  1. Risk Management measures:
  2. For Risk Management, the Company will have a risk-based approach which includes the following:
    1. Customer risk shall be identified and categorized as low, medium, and high-risk categories, based on the assessment and risk perception of the Company mentioned in the AML/CFT Manual;
    2. Risk categorization shall be undertaken based on parameters such as customer’s identity, social/financial status, nature of the business activity, information about the client’s business and their location geographical risk covering customers as well as transactions, type of products/services offered, types of transaction undertaken – cash, cheque/monetary instruments, wire transfers, forex transactions etc. While considering the customer’s identity, the ability to confirm identity documents through offline or other services offered by issuing authorities may also be factored in;
    3. The risk categorization of a customer and the specific reasons for such categorization shall be kept confidential and shall not be revealed to the customer to avoid tipping off the customer; and
    4. The various other information collected from Customers relating to the perceived risk, is non-intrusive.
  3. Assessment of Risk Level
    • After identifying potential risks, evaluate their severity and likelihood of occurrence. This helps prioritize mitigation efforts. Consider:
      • Impact: How significant would the financial or reputational damage be if money laundering were to occur?
      • Frequency: How likely is it that this specific risk will materialize?
      • Controls: Do we have existing controls in place to mitigate the risk, and how effective are they?
  4. Implement Mitigation Measures:
    • Based on the risk assessment, develop and implement appropriate mitigation measures. These may include:
      • Enhanced Due Diligence (CDD): Applying stricter KYC procedures for high-risk customers or transactions.
      • Transaction Monitoring: Implementing systems to identify suspicious activity patterns.
      • Reporting: Establishing procedures for reporting suspected money laundering to the relevant authorities.
      • Training: Regularly training employees on AML risks and procedures.
      • Independent Testing: Conduct periodic audits or reviews of Vinus International Ltd AML controls.

Annexure-6

Enhanced Due Diligence (EDD) Measures

The Company may apply enhanced due diligence (EDD) measures for higher-risk customers.

  1. Accounts of Politically Exposed Persons (PEPs)
    • Politically exposed persons are individuals who are or have been entrusted with prominent public functions in a foreign country, including Heads of State or of Governments, senior politicians, senior government/judicial/military officers, senior executives of state-owned corporations, important political party officials, etc.
    • Company shall have in place appropriate risk management systems to determine whether the customer is a PEP.
    • Company shall gather sufficient information about the sources of funds/wealth.
    • The decision to provide financial services to an account for PEP shall be taken at a senior level.
    • All such accounts are subjected to enhanced monitoring on an ongoing basis.
    • In the event of an existing customer or the beneficial owner of an existing account subsequently becoming a PEP, the continuance of the business relationship will be subject to Vinus’ compliance team and the Managing Director’s approval.
    • The above norms shall also be applied to the accounts of the family members or close relatives of PEPs.
  2. Accounts of non-face-to-face customers
    • In the case of non-face-to-face customers, apart from applying the usual customer identification procedures, there must be specific and adequate procedures to mitigate the higher risk.
    • Certification of all the documents presented may be insisted upon and, if necessary, additional documents may be called for.
    • In the case of cross-border customers, there is the additional difficulty of matching the customer with the documentation, the Company may have to rely on third-party certification/ introduction. In such cases, it must be ensured that the third party is a regulated and supervised entity and has adequate KYC systems in place.