Know Your Customer and Anti-Money Laundering Policy (KYC-AML Policy) This Know Your Customer (“KYC“) and Anti-Money Laundering (“AML“) Policy (“KYC-AML Policy“) details the KYC and AML requirements to access and use electronic platforms (Platform) operated by Innotech Labs LTD, a company registered under the laws of Trinidad and Tobago bearing Company Number C2024021500005, having its registered address at 5th Floor Savannah East, 11 Queen’s Park East, Port of Spain, Trinidad and Tobago (hereinafter referred to as “Us“/”We“/”TokenPrime“), You accept and understand that this KYC-AML Policy forms a legal and binding agreement between You and TokenPrime. TokenPrime reserves the right, at its sole discretion, to change, modify, add or remove portions of this KYC-AML Policy, at any time without any prior written notice. It is Your responsibility to review the KYC-AML Policy periodically for any updates/changes. Your continued use of the Platform following the modification of the KYC-AML Policy will imply the acceptance of this Policy or any changes made to it. You hereby acknowledge and agree that this KYC-AML Policy is also subject to the Terms Of Use and Privacy Policy. You hereby expressly consent to TokenPrime’s continuous monitoring and collecting of information and data of Your activities on the Platform for the purpose of this KYC-AML Policy. TokenPrime is vigilant in the fight against money laundering and under its best judgment implements processes not allowing any person or entity to use the Platform for money laundering and terrorist financing activities. 1. Definitions 1.1. “Applicable Law” shall mean any applicable statute, law, regulation, ordinance, rule, judgment, order, decree, by-law, approval from the concerned authority, government resolution, order, directive, guideline, policy, requirement, or other governmental restriction in force in India, including without limitation the Foreign Exchange and Management Act, 1999 and regulations thereunder, Prevention of Money Laundering Act 2002 (“PMLA“), the Prevention of Money Laundering (Maintenance of Records) Rules 2005 (“PMLR“), AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets (“AML Guidelines“), as issued by the Financial Intelligence Unit – India (“FIU-IND“), and various applicable guidelines, rules and regulations of the Computer Emergency Response Team, India (“CERT-In“), replaced and updated from time to time; 1.2. “Designated Director” means a person designated by TokenPrime to ensure overall implementation of the obligations imposed under chapter IV of the PMLA and the PMLR; 1.3. “Principal Officer” means an officer designated by TokenPrime to ensure compliance with the obligations imposed under chapter IV of the PMLA and the PMLR; 1.4. “Crypto(s)” are Virtual Digital Assets (“VDA“) and refer to a cryptographically secured digital representation of value or contractual rights that uses distributed ledger technology and can be transferred, stored or traded electronically using the Platform, including but not limited to bitcoin and ether; 1.5. “Customer“/”User” shall mean any Person using/accessing the Platform or interacting with it in any manner for buying, selling, depositing or withdrawing Crypto(s); 1.6. “Customer Due Diligence” (CDD) means identifying the Customer and verifying their identity by using a reliable, independent source of documents, data, or information, and checking if there are any sanctions or adverse media matches against them; 1.7. “Officially Valid Document” (OVD) means the Passport, the Driving License, proof of possession of an Aadhaar Number, or the Voter’s Identity Card issued by the Election Commission of India. For the purpose of this definition, ‘Aadhaar Number’ means an identification number as defined under the Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016. 1.8. “Person” means an individual who is above eighteen (18) years of age and an Indian citizen. 1.9. “Organization” means any entity registered in India that carries out the function of a business, and has a separate legal existence from the individuals associated with it. 1.10. “Politically Exposed Persons” (PEPs) are individuals who are or have been entrusted with prominent public functions by a foreign country, including the Heads of States/Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials. A User could also qualify as a PEP if the User is a family member or a close relative of such an individual. 1.11. “Virtual Digital Assets” (VDA) means any information or code or number or token (not being Indian or foreign currency), a non-fungible token or any digital asset as defined under Section 2(47A) of Income Tax Act, 1961. 1.12. “Permanent Account Number” (PAN) is issued by the Indian Income Tax Department to help uniquely identify tax payers. e-PAN is an electronically issued PAN which is digitally signed. 2. Customer Acceptance Policy (“CAP”) Our services are exclusively offered to individuals holding Indian citizenship and residing within India. The designation of “User” is applicable only to those who meet these criteria. 2.1. KYC norms 2.1.1. KYC means to ‘Know Your Customer’ which is an effective way for an institution to confirm and thereby verify the authenticity of a customer. KYC is the key principle for the identification of any individual or Organization interacting and/or transacting with TokenPrime. This KYC principle applies to the Users of the Platform, and is also being undertaken to comply with the “Directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet” issued by the Ministry of Electronics and Information Technology (“MeitY“) – Indian Computer Emergency Response Team (“CERT-In“) on 28 April, 2022. 2.1.2. The Customer/User identification includes identification and verification of the Customer’s identity on the basis of documents and information provided by the Customer. The objectives of KYC are as under: (a) To ensure appropriate Customer identification and comply with all Applicable Law(s), (b) Monitor all transactions, (c) Satisfy that the proposed Customer is not an undischarged insolvent, (d) Minimize frauds, (e) Avoid transacting with individuals or entities having fictitious names and addresses, and (f) Avoid undesirable Customers. 2.2. TokenPrime shall verify the provided information and documentation, and maintain an audit trail of any upload/modification/download. 2.3. Safeguard measures taken by TokenPrime 2.3.1. Before accessing the Platform, We on a reasonable efforts basis ensure that: (a) Users are not accessing the Platform under an anonymous or fictitious name. (b) User is not allowed to avail our services in an event if we are unable to apply appropriate CDD measures, i.e. verify the User identity and/or obtain documents required or non-reliability of the documents/information furnished to TokenPrime, either due to non-cooperation of the User or non-reliability of the documents/information furnished by the Customer. (c) No access is granted to the Platform or trades are executed without following CDD procedure. 2.3.2. Users are not permitted to act on behalf of anyone else and can only access the Platform on their own, with their own funds/assets, and for their own benefit. 2.3.3. TokenPrime at its sole discretion shall review the User’s information and documents provided and transactions for any transaction or in an event if TokenPrime receives a request for the same from Authorities and based on TokenPrime’s judgment or instruction from Authorities such User’s access to the Platform shall be suspended, frozen, blocked, disabled, or terminated. 2.3.4. TokenPrime shall, in its sole discretion, refuse to provide access to the Platform to new Users, suspend or terminate access to the Platform to existing Users after giving due notice, or refuse to process any transactions on the Platform if it is unable to ensure compliance with any of the aforementioned conditions, either due to non-cooperation by the User or due to the details provided by the User being found enlisted on any Sanctions Lists or unreliable or unverifiable to TokenPrime’s satisfaction. 2.3.5. Requirements/obligations under international agreements & Communication from international agencies: TokenPrime shall reasonably ensure that it does not have any association with individuals appearing in the lists of individuals and entities, suspected of having terrorist links, which are approved by and periodically circulated by the United Nations Security Council, other watchlists and sanctions lists. 3. Customer Identification Procedure (“CIP”) One of the objectives of the KYC and data/information collection norms being carried out by TokenPrime is to ensure appropriate Customer Identification. Customer Identification means undertaking the process of CDD. TokenPrime shall need to obtain sufficient information necessary to establish, to its satisfaction, the identity of each User, whether regular or occasional, and the purpose of the intended nature of the transactions being executed on/ through the Platform. Customer Identification Procedure is carried out at different stages while the Platform is accessed by the User and is not limited to instances when: (a) Applying to access the Platform, (b) Periodic review of a User’s information and documents, (c) Any transaction is being executed by the User on the Platform, and/or (d) TokenPrime has a doubt about the authenticity/veracity or the adequacy of the earlier obtained User Identification data. 3.1. User identification Identification of a User is an important prerequisite for accessing the Platform. No access is allowed on the Platform unless verification and due diligence of said User is successfully completed by TokenPrime. 3.1.1. What is Identity? Identity generally means a set of attributes that together uniquely identify a ‘natural’ or a ‘legal’ Person. The attributes which help in the unique identity of a ‘natural’ or ‘legal’ Person are called identifiers. Identifiers are of two types: a.) Primary and b.) Secondary. (a) Primary Identifiers: On a non-exhaustive basis means and includes the name (in full), date of birth, PAN number, and passport number/voter identity card / other govt.-issued identification document as they help in uniquely establishing the identity of the Person. (b) Secondary Identifiers: On a non-exhaustive basis means and includes address, location, nationality, and other such identification, as they help further refine the identity. User identification does not start and end at the point of application but it is always an ongoing exercise. 3.1.2. What is Identification? Identification is the act of establishing who a Person is: (a) In the context of KYC, identification means establishing who a Person purports to be. (b) This is done by recording the information provided by the User covering the elements of their identity (i.e. name, date of birth and the address at which they can be located). (c) For undertaking CDD, the OVDs shall be obtained from a User while establishing a relationship. 3.1.3. What is Verification? Verification of identity is the process of proving whether a Person actually is who they claim to be. In the context of KYC, verification is the process of seeking satisfactory evidence of the identity of those with whom TokenPrime does business. This is done by carrying out checks on the correctness of the information provided by the Customer. 3.1.4. Process of validation of documents through video-KYC In scenarios where the document provided by a User has some issues and cannot be validated using the automated solutions TokenPrime has in place, a video-KYC might be required from the User to validate the identity and authenticity of the document/information submitted by them. KYC of individuals associated with the Organization that are required to furnish OVDs or any other documents might be done with video-KYC. We would also use the video-KYC process while performing Enhanced Due Diligence (EDD) wherever required. 3.1.5 Customer Due Diligence (“CDD“) CDD would be performed in accordance with the risk category of the Customer, as follows: (a) Basic Due Diligence means the collection and verification of identity proof and address proof to establish the identity of the User. This is done on the basis of the documents and information submitted by the User. This due diligence would be performed on all Users. (b) Enhanced Due Diligence (“EDD“) means additional diligence measures undertaken over and above the Basic Due Diligence, in cases of High-risk Users. Steps under EDD shall include but will not be limited to requesting for additional information and documentation to support any information provided earlier (e.g. bank statements or other financial records for verifying the source of funds information), additional background checks and research to validate the true identity of a User, monitoring the activity of such Users, requesting for additional information and documentation, conducting in-person visits etc. TokenPrime shall conduct Basic Due Diligence, EDD, or any other due diligence activity or measures which under its sole discretion and/ or under Applicable Laws is required for a User registering or using the Platform. TokenPrime reserves the right to request for additional information and documentation, as required. 4. Anti-Money Laundering Standards In terms of the provisions of PMLA and PMLR, as amended from time to time, and the AML Guidelines, Reporting Entities (“REs“) are required to follow certain customer identification procedures while registration with the Platform and undertaking a transaction either by establishing an account-based relationship or otherwise and monitor their transactions. TokenPrime is also registered with the FIU-IND as a Reporting Entity (“RE“), and accordingly has taken steps to adopt the KYC/AML/CFT processes under the aforementioned AML Guidelines. 4.1. Steps taken to prevent Money-Laundering activities and Terrorist Financing TokenPrime has implemented steps with an objective to prevent any money laundering activity and/or terrorist financing on the Platform. Such processes being implemented are exhaustive in nature and are subject to change as required under any Applicable Law and/or as per TokenPrime’s sole discretion. 5. Monitoring of Transactions – On-going Due Diligence 5.1. Monitoring Customer activity and transactions throughout the relationship helps us to know their Customers, assess risk, and provide assurance that TokenPrime is not being used for the purposes of financial crime. 5.2. As part of the ongoing due diligence process, TokenPrime shall monitor User’s activities on the Platform to reasonably ensure that they are consistent with their knowledge of the User, its risk profile, and where necessary, the source of funds. TokenPrime shall also monitor activities undertaken by a User through the Platform to reasonably ensure they are consistent with their knowledge of the User and its associated activities. 5.3. When there are suspicions of money laundering or financing of activities relating to terrorism or where there are doubts about the adequacy or veracity of previously obtained User identification data, TokenPrime shall review the due diligence measures including reverifying the User’s identity, and shall request additional information. On the basis of monitoring activities conducted by TokenPrime as described under this Policy, User’s access to the Platform shall be frozen or suspended / blocked or terminated as decided by TokenPrime under its sole discretion. 6. Declarations and Obligations 6.1. Declarations and Disclosure of Information by TokenPrime 6.1.1. TokenPrime will identify and verify User’s identity at the time the User opts to trade using the Platform or apply to be a Customer. To this effect, TokenPrime shall collect such documents and data, as may be reasonably requested by TokenPrime from time to time, to establish and verify the identity of the User / for KYC purposes / to establish and verify the nature of any transaction undertaken on the Platform. TokenPrime shall also use/deploy various software and/or technology, either directly or through its service providers/vendors to establish and verify User’s identity and/or the documents/information provided by the User. 6.1.2. The documents and data for KYC and Customer identification purposes shall be requested from the User and shall be accessed and used by TokenPrime as per this Policy, the Applicable Laws, and the Privacy Policy. 6.1.3. TokenPrime shall endeavor to verify, either itself or through third-party vendors/service providers, the identity and address of the Users along with the other details and documents submitted by the User as may be legally/operationally tenable, including but not limited to using the following methods: (a) PAN/e-PAN verification through government sources; or (b) Masked/Offline Aadhar/Proof of Possession of Aadhar under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016; or (c) Passport issued under the Passports Act, 1967; or (d) Verification of Voter ID card issued by the Election Commission of India; or (e) Any other / additional document may be required by TokenPrime from time to time. 6.1.4. In case the User fails to provide the requisite KYC documents or any identification documents or information as requested by TokenPrime, TokenPrime shall hinder or completely restrict User’s use of the Platform and the related services. This includes but is not limited to not crediting the deposited Crypto and not completing the withdrawal processing of Crypto if the required information to comply with the Travel Rule (see 6.1.7 below) is not available, or if the regulatory checks for Travel Rule are not satisfied. 6.1.5. The list of documentation (as mentioned under clause 6.1.3), verification, and information may be amended by TokenPrime by way of a notification/intimation, in its sole discretion from time to time, without a prior notice. 6.1.6. TokenPrime reserves the right to examine or request additional information and documents to establish User’s identity, and financial position, including sources of User’s funds and/or details of the Crypto wallet or similar accounts from which User transfers / to where User receives any Crypto, and User shall provide all assistance and cooperation in this regard. TokenPrime also reserves the right to verify that any Crypto wallet used to transfer Crypto is operated/based in India. TokenPrime will obtain User’s complete Crypto wallet address as and when required, and if the User fails/refuses to comply with the requirements herein, TokenPrime shall not allow the User to access the Platform or carry out transactions through the Platform. 6.1.7. To comply with the Travel Rule requirements, wherein the originator information needs to be shared with the counterparty exchange in case of withdrawal of VDA by the User, TokenPrime can reach out to the User to obtain additional information, in line with the AML Guidelines. TokenPrime can also reach out to obtain the required information to verify beneficiary information in case of deposit of VDA by the User, if the corresponding Travel Rule information is missing/incomplete as received from the originating exchange. The successful completion of such withdrawals and deposits of VDA is subject to the internal Travel Rule and compliance controls implemented by TokenPrime. Travel Rule is applicable for all VDA transfers (deposits and withdrawals), irrespective of the amount or the type of VDA transferred. 6.1.8. Additional documents may be requested from Users by TokenPrime to ensure compliance with any Applicable Laws or TokenPrime’s policies or a request from any any banking partner/ payment system provider or participant/ statutory/ regulatory/ supervisory/ law enforcement authority/enforcement authority (“Authorities“) immediately. 6.1.10. TokenPrime reserves the right, at its sole discretion, to change, modify, add or remove portions of this KYC-AML Policy, at any time without any prior written notice. 6.2. Your Obligations You as the User, hereby agree to provide the required documents and information for KYC checks in a timely manner, to create and to continue using the User’s Platform Account through which the You may give instructions on the Platform. 6.2.1. You agree to use the Platform only for lawful and legal purposes as per this KYC-AML Policy, as amended from time to time, and the Applicable Laws. 6.2.2. You shall not use the Platform for any illegal or unlawful or criminal or anti-national purposes or for financing any such activity under any circumstance whatsoever. 6.2.3. You shall not impersonate another person or misrepresent Yourself on the Platform Under any circumstance whatsoever. 6.2.4. You undertake and warrant not to indulge in any transaction or any activity that is in violation of any Applicable Laws, this Policy or any other policy or instruction as issued by TokenPrime from time to time. 7. Grievance Redressal 7.1. In case of any complaint or queries, Users are directed to the Support team at [email protected]. 8. Periodic updation of KYC Periodic updation of KYC of Users is performed at such intervals of time and using such processes/documents as decided by TokenPrime at its sole discretion. A risk-based approach for periodic updation of KYC is adopted, wherein the periodic updation of KYC for all Users is done at least annually or more frequently as per TokenPrime’s discretion, to ensure the information and documentation for users is up-to-date. In case of any change in the information provided at the time of onboarding or periodic updates, the User should reach out to TokenPrime to get the details updated, along with valid proof of change. 9. Internal Controls 9.1. Preservation of Record / Record Management 9.1.1. TokenPrime will ensure that all information received for the purpose of identification or due diligence is used by it in accordance with TokenPrime’s terms and conditions applicable. TokenPrime shall also take necessary reasonable steps for maintenance, preservation, and reporting of User information per the internal policies and standard operating procedures of TokenPrime. 9.1.2. In addition, the confidentiality, security, and protection against access, use, and disclosure (including publication or display) of all information of a User, collected or created by TokenPrime shall be kept in accordance with Applicable Law. 9.1.3. TokenPrime shall collect and maintain records, in the form of books or stored in a computer, of User’s identity proof along with all documents and information provided by the User and of all the transactions undertaken by the User on the Platform, as required under the Applicable Laws/good industry practices. 9.1.4. TokenPrime shall maintain and if required, report to Authorities the records of: (a) the KYC details, documents, and data of all Users who access the Platform; (b) the KYC details, documents, and data of all Users who undertake a transaction on the Platform; or (c) User’s transactions on the Platform. 9.1.5. TokenPrime shall retain such records for a minimum time period of nine (9) years after a TokenPrime account is closed, as required under the Applicable Laws/good industry practices. 9.1.6. Notwithstanding anything to the contrary contained in the Terms of Use or agreement executed between the Customer and TokenPrime or Privacy Policy, any information obtained while undertaking the due diligence measures under this Policy or during registration/creation/ongoing due diligence of User’s activities shall be maintained for the duration of the relationship, and for a period of 9 (nine) years from the date the relationship ceases to exist or such longer period as may be specified under any Applicable Law/Authority. We have taken reasonable effort to ensure that this Policy adheres to the applicable laws. The invalidity or unenforceability of any part of this Policy shall not prejudice or affect the validity or enforceability of the remainder of this Policy. This Policy does not apply to any information other than the information collected by TokenPrime through the Platform.