AML & KYC Policy

1. Introduction

bluFin360 Vault Pvt Ltd (“Company,” “we,” “us,” or “our”), operating under the brand name bluFin360, is committed to preventing money laundering, terrorist financing, and fraudulent activities by implementing a robustAnti-Money Laundering (AML) and Know Your Customer (KYC) policy.

This policy ensures compliance with:

• Prevention of Money Laundering Act (PMLA), 2002
• Reserve Bank of India (RBI) KYC & AML Guidelines
• NPCI Guidelines for UPI Transactions
• Financial Intelligence Unit - India (FIU-IND) Reporting Obligations

By using bluFin360’s services, all merchants, businesses, and individual users agree to adhere to our AML & KYC requirements.

2. Customer Due Diligence (CDD) Process

bluFin360 follows a risk-based approach to KYC verification for merchants and users, ensuring compliance with RBI’s Master Directions on KYC (2023).

2.1 KYC Process for Individual Users

All individuals must undergo identity verification before transacting on bluFin360. The required documents include:

• Government-issued ID: Aadhaar, PAN, Passport, or Voter ID
• Bank Account Verification: Linked UPI ID or IFSC-enabled account
• Mobile Number Verification: OTP-based authentication
• For high-value transactions, additional verification such as video KYC or an in-person verification may be required.

2.2 KYC Process for Merchants & Businesses

Merchants and businesses must complete merchant onboarding KYC before accepting payments via bluFin360. Required documents include:

For Sole Proprietors:

• Aadhaar/PAN Card of the proprietor
• GST Registration (if applicable)
• Business Registration Certificate

For Companies (LLP/Pvt Ltd/Public Ltd):

• Certificate of Incorporation
• PAN & GSTIN of the business
• MOA & AOA (for companies)
• Bank Account Statement (last 6 months)

All merchants undergo risk categorization (low, medium, high) based on their industry, transaction patterns, and compliance history.

3. Risk-Based Monitoring for Suspicious Transactions

bluFin360 follows a risk-based approach (RBA) to monitor and prevent suspicious transactions.

3.1 Risk Classification

• Low-Risk Users: Verified individual users & merchants with consistent transaction behaviour.
• Medium-Risk Users: New merchants or businesses with high transaction volumes in sensitive sectors (e.g., financial services, e-commerce).
• High-Risk Users:  Businesses operating in  cross-border transactions, virtual assets (crypto), gaming, and remittances. 

3.2 Suspicious Transaction Reporting (STR)

• As per PMLA 2002, bluFin360 reports suspicious transactions to FIU-IND (Financial Intelligence Unit - India).
• Transactions involving money laundering, fraud, or terrorist financing are flagged and reported within 7 days.

4. Compliance with NPCI Guidelines for UPI Transactions

As a UPI payment service provider, bluFin360 follows NPCI’s UPI guidelines to prevent fraud and ensure financial integrity.

4.1 UPI KYC & Authentication

• UPI users must complete full KYC before linking their accounts.
• Transactions above ₹2,000 for PPI wallets require strong customer authentication (SCA).
• UPI AutoPay & Mandates require explicit user authorization.

4.2 Fraud Prevention Measures

• Two-Factor Authentication (2FA) for all UPI transactions.
• Geolocation tracking to prevent cross-border misuse.
• Device fingerprinting & behavioural analytics for fraud detection.

4.3 UPI Dispute Resolution & Chargebacks

• Customers can raise UPI disputes within 5 days via bluFin360 or their bank.
• Dispute resolution follows NPCI’s standardized chargeback process.

5. Compliance with Prevention of Money Laundering Act (Prevention of Money Laundering Act)

bluFin360 complies with PMLA 2002 & RBI AML guidelines by:

• Implementing stringent KYC norms for users & merchants.
• Conducting real-time transaction monitoring to detect suspicious behaviour.
• Reporting cash transactions above ₹10 lakhs and unusual activity to FIU-IND.
• Conducting annual AML audits and staff training on AML compliance.

Failure to comply with AML/KYC norms may result in account suspension, legal action, and regulatory reporting.

6. User Responsibilities & Consequences of Non-Compliance

Users and merchants must:

• Provide accurate KYC details and update them periodically.
• Avoid transactions linked to prohibited industries (illegal trade, gambling, etc.).

Consequences of non-compliance:

• Account suspension or termination
• Withheld settlements for unverified merchants
• Report any suspicious or unauthorized activity to bluFin360.

7. Governing Law & Jurisdiction

This policy complies with:

• Prevention of Money Laundering Act (PMLA), 2002
• RBI Master Directions on KYC & AML (2023)
• NPCI Guidelines for UPI Payments

Any legal disputes will be governed by Indian laws and resolved in the courts of Bengaluru, Karnataka.