1.
Verify the uploaded Know Your Customer (KYC) documents submitted by the merchant to ensure compliance with our KYC policy.
2.
Understand the merchant's business model and the specific use case of our product, including the nature of transactions. Assign a Merchant Category Code (MCC) based on this understanding.
3.
Classify the case into either Straight-Through Processing (STP) or Non-Straight-Through Processing (NSTP) based on the assigned MCC.
4.
Categorize the risk level of the merchant according to the assigned MCC and update this information in the merchant dashboard.
5.
Conduct a check against negative databases; if the merchant is found in such a database, reject the application immediately.
6.
Perform sanction screening on the Facctum dashboard for every merchant. The screening includes parameters such as the legal name of the merchant, the name of the Authorized User Signatory (AUS), and the name of the Ultimate Beneficial Owner (UBO).
Capture a screenshot when there is a material profile change for the merchant, specifically when there is a change in the Ultimate Beneficial Owner (UBO). This documentation helps maintain an updated record of significant alterations in the merchant's information.
Take a screenshot whenever the watchlist is updated. This ensures a visual record of the changes made to the watchlist and helps in tracking the evolution of the screening criteria.
Conduct bulk screening for the entire database every quarter and capture screenshots of the results. This periodic screening ensures ongoing compliance and risk mitigation, and the screenshots serve as tangible evidence of the outcomes for audit and reporting purposes.
1.
UBO Identification - The Beneficial Owner refers to the natural person(s) who, whether acting alone or jointly, or through one or more legal entities, holds controlling interest or shares more than 10% in the case of companies and 15% for all other entities. The Risk Intelligence and Compliance (RIC) analyst is responsible for identifying the Ultimate Beneficial Owner (UBO) and obtaining Know Your Customer (KYC) documents (PAN and/or Aadhar) for the individual if the UBO is someone other than the Authorized Signatory. For companies, UBO identification is conducted through Probe42, and for other entities, it is based on the incorporation document (partnership deed, trust deed, etc.). This process ensures compliance with regulatory requirements and enhances transparency in understanding the ownership structure of entities.
2.
In the case of Medium and High-Risk Merchant Category Codes (MCC), we implement Customer Physical Verification (CPV) procedures. To carry out CPV, we currently collaborate with third-party vendors who physically verify the merchant's address. These vendors meticulously document details related to the signboard, office address, and provide comprehensive photographic evidence of the office premises and its employees. The expectation is that the third-party CPV vendor completes and submits a detailed report to Indiconnect Pvt Ltd within a maximum timeframe of 48 hours.
3.
CPV is specifically recommended for Straight-Through Processing (STP)However, the Risk Intelligence and Compliance (RIC) analyst has the discretion to suggest CPV for merchants in any other segment, particularly if the merchant lacks an online presence. This strategic inclusion of CPV as an additional verification layer serves to validate the accuracy and legitimacy of the merchant's physical presence, thereby enhancing our overall risk management processes.
4.
If a business model requires additional licenses or registrations from government agencies or regulatory agencies, the customer must obtain such documents. This helps ensure compliance with legal and regulatory requirements, and it is standard practice to apply for and verify appropriate licenses or registrations as part of the onboarding process. These activities help ensure that companies operate within the established legal framework and meet the necessary legal standards.
Website/app review:#
About Us: Briefly explain the entity and the business model.
Contact Us: Include the address (matching the registered address as per documents), support email ID, and contact number.
Terms & Conditions: Cover basic terms and conditions, jurisdiction details, information accuracy, disclaimers, and policies regarding external links.
Privacy Policy: Specify what data is being collected, how it is collected, and how the merchant handles the collected data.
Refund and Cancellation: Clearly state the terms for refunds and cancellations, including the cancellation window, time frame for refunds, and the mode of refund.
Delivery Policy: Necessary for merchants selling tangible products. Provide details such as the delivery partner, expected delivery time frames, and any other relevant information.
Product Range and List of Services: Include the entire product range and a comprehensive list of services on the website, along with pricing. Ensure that the merchant provides a complete description of the goods or services offered.
Process Flow / User Journey: Conduct mystery shopping to check the process flow and user journey on the website.
1.
Social media and internet crawling - Examining the merchant's online presence and real-world feedback involves reviewing their LinkedIn profile, Google reviews, platforms such as Justdial and India Mart, as well as other social media outlets and consumer forums.
2.
IP whitelisting - IP whitelisting is a security measure used to prevent the misuse of keys and salts. In this process, the server IP of the merchant's website/app is added to a whitelist in the system. This means that only transactions originating from the specified IP address are allowed, and any transactions from different IPs are blocked.
Sensitive Operations: Transactions involving sensitive operations, such as financial transactions, where the risk of misuse is higher.
Administrative Access: Access to administrative sections or privileged areas of the website/app where critical functions are performed.
Key and Salt Handling: Protection of cryptographic keys and salts used for encryption and security purposes.
Gaming: Given the nature of gaming transactions, which often involve financial transactions and sensitive data, IP whitelisting is implemented to enhance security in this segment.
Retail Websites with No Online Presence or Sub-Standard Profile: Merchants operating retail websites without a significant online presence or with sub-standard profiles are subjected to IP whitelisting. This adds an extra layer of security for transactions on these platforms.
Other Merchants at the Discretion of RIC Analyst: The Risk Intelligence and Compliance (RIC) analyst has the discretion to apply IP whitelisting for any other merchant segment as deemed necessary. This discretionary approach allows for flexibility in adapting security measures based on specific risk assessments and circumstances.
1.
EDD for high-risk segment - Enhanced Due Diligence (EDD) applies to the following sectors:
High-risk industries: Sectors or industries identified as high-risk can include financial services, gambling, cryptocurrencies and other things that present high risk.
Political Person (PEP): A person who holds an important public position, such as a government official or a politician, is more likely to be involved in corruption or legal action.
Large Transactions: Transactions involving large amounts of money that exceed a predefined threshold are subject to further investigation based on their impact.
Unauthorized Merchants: Merchants located in jurisdictions with a high risk of financial crime, money laundering or lack of regulatory authority.
Complex ownership structures: Companies or entities with complex ownership structures require more in-depth knowledge to reduce the risk of financial misconduct.
Low Profile Sellers: Sellers who run a marketing website with no online presence or with a low profile therefore require more scrutiny.
Other Areas at RIC Analyst's discretion: Risk Intelligence and Compliance (RIC) analysts have the authority to apply due diligence to other areas based on specific risk assessments and conditions. This thoughtful approach allows us to flexibly adapt our selection methods to optimize the chances of conversion.
Identify the Most Beneficial Owner (UBO): Use Probe42 to identify the most beneficial owner of your business and provide information about the ownership structure and the risks involved.
Certificate of Completion: Leverage Probe42 for penalty checks, reducing legal and regulatory risk by ensuring that your client's name and associated entities do not appear on penalty lists.
Background Checks: Probe42 performs a comprehensive background check to check a client's history, reputation, and possible law enforcement involvement.
Credit Assessment: Use Probe42 to assess a customer's creditworthiness and assess their financial stability and ability to meet financial obligations.
Set#
Database Inspection: Probe42 performs malicious database inspection to prevent clients from accessing databases that are subject to fraudulent or malicious activity.
Mystery Shopping: Implement Probe42 for Mystery Shopping to review user journeys and workflows to ensure customer satisfaction and security.
1.
Indiconnect is committed to transaction security and achieves Payment Card Industry Data Security Standard (PCI-DSS) status upon installation. This includes obtaining an Acceptance Certificate (AOC) and obtaining a commitment from the relevant vendor to comply with PCI-DSS standards.For merchants seeking secure card integration, another requirement is to pass the Payment Card Industry Standard Data Security Certification- Database and Cloud (PCI-DCC). This certificate is required to ensure that merchants meet specified security standards and create a safe and reliable environment for card transactions.
2.
Risk and Compliance Officers (RICs) are responsible for writing questions and comments to Salesforce, including all attachments. The RIC Analyst should provide detailed instructions to the Level II Assistant. This includes updating the subscription form with full information, including the correct Consumer Code (MCC), before submitting the case to the admissions team. The aim is to ensure a clear and meaningful record of the review process, to help marketers map and activate.
3.
Effectively manage and manage financial risk using transaction size limits based on business model and average ticket size.
1.
Personal identification: verify personal identification documents such as a government-issued identification card, passport, driver's license or
2.
Vocational training: verify the characteristics personal and professional, including work history, qualifications and relevant experience.
3.
Portfolios or work samples: Request and review portfolios or samples of people and their work to verify skills and knowledge.
4.
Evaluate independent platforms: If necessary, consider reviewing ratings and reviews on free platforms to determine their reputation and trustworthiness.
5.
References: Request references from previous clients or colleagues to verify personal and professional ethics and integrity.
6.
Bank Statement: For financial transactions, please request a recent bank statement to ensure financial stability and accuracy.
7.
Contractual Agreement: Establish clear and comprehensive contractual agreements that outline contract terms, deliverables, and payment terms.
Modified at 2025-11-26 12:31:29
