ANTI-MONEY LAUNDERING (AML) AND COUNTER FINANCING OF TERRORISM (CFT) POLICY

HARI PAY PRIVATE LIMITED (“AaoPay” or “the Company”) is committed to the highest standards of anti-money laundering (AML) and counter financing of terrorism (CFT) compliance. This policy outlines the framework, controls, and procedures implemented to prevent the misuse of AaoPay’s systems for money laundering or terrorist financing activities in accordance with applicable Indian laws and international standards.

• The Prevention of Money Laundering Act, 2002 (PMLA) and its amendments.
• The Prevention of Money Laundering (Maintenance of Records) Rules, 2005.
• Reserve Bank of India (RBI) Master Direction on Know Your Customer (KYC), 2023.
• Financial Action Task Force (FATF) 40 Recommendations.
• FIU-IND Guidelines and Circulars.
• Any other applicable directives issued by RBI or statutory authorities from time to time.

The objective of this Policy is to establish robust internal mechanisms to:

• Prevent AaoPay from being used for money laundering or terrorist financing activities.
• Ensure compliance with all legal and regulatory AML/CFT requirements.
• Promote a culture of compliance and accountability across all levels of the Company.

This Policy applies to all employees, agents, distributors, and business partners of AaoPay.

• Money Laundering: The process by which criminals disguise the illicit origin of their funds.
• Terrorist Financing: Provision or collection of funds intended for terrorist acts or organizations.
• Customer Due Diligence (CDD): Identification and verification of customers and beneficial owners.
• Politically Exposed Persons (PEPs): Individuals who hold or have held prominent public functions.
• Suspicious Transaction: Any transaction inconsistent with a customer’s known profile or economic purpose.

The Board of Directors has overall responsibility for AML/CFT compliance. Mr. Divyanshu Kumar is appointed as the Designated Principal Officer and AML Compliance Officer. He shall be responsible for implementation, monitoring, reporting, and liaison with regulatory authorities.

No account shall be opened in anonymous or fictitious names. Customers shall be accepted only after completion of proper due diligence as per RBI KYC Directions. Enhanced scrutiny shall apply to high-risk categories such as PEPs, non-residents, and trusts.

The Company shall identify and verify the identity of customers and beneficial owners before establishing a business relationship. Verification shall be through official identification documents such as Aadhaar, PAN, or Passport. The KYC process shall comply with RBI Master Direction on KYC and UIDAI regulations.

Customers shall be classified as Low, Medium, or High risk based on factors including geographical location, business activity, transaction pattern, and customer profile. Enhanced Due Diligence (EDD) shall be applied to high-risk customers.

All transactions shall be monitored on an ongoing basis using automated systems and manual review. Unusual, complex, or large transactions inconsistent with a customer’s profile shall be investigated and flagged.

The Company shall file the following reports to the Financial Intelligence Unit – India (FIU-IND):

• Cash Transaction Reports (CTR) for cash transactions exceeding ₹10,00,000.
• Suspicious Transaction Reports (STR) within 7 days of detection.
• Non-Profit Organisation Transaction Reports (NTR), if applicable.

All such reports shall be filed by the AML Compliance Officer.

All transaction records, KYC documents, and internal reports shall be maintained for at least five (5) years after the end of the business relationship as per PMLA Rules. Such records shall be readily available for regulatory inspection.

AaoPay shall conduct regular training sessions for all relevant staff to ensure awareness of AML/CFT obligations, red flag indicators, and internal reporting procedures.

Internal audit and compliance teams shall periodically review AML/CFT processes. Any deficiencies shall be promptly rectified. Independent testing of AML systems shall be conducted annually.

All information collected for AML purposes shall be treated as confidential and shared only with authorized agencies. Data protection practices shall comply with the Digital Personal Data Protection Act, 2023.

Non-compliance with AML obligations shall result in disciplinary action including suspension, termination, and regulatory penalties under PMLA, 2002.

This Policy shall be reviewed annually or earlier if necessitated by regulatory changes. Updates shall be approved by the Board of Directors and circulated to all departments.

This AML & CFT Policy was approved by the Board of Directors of HARI PAY PRIVATE LIMITED (AaoPay) on [01 November 2025] and shall remain in force until superseded or amended.

This Policy has been reviewed and approved by the Board of Directors of HARI PAY PRIVATE LIMITED. It shall be binding on all employees, agents, and affiliates of the Company.