Kortya Softcom Private Limited (“Kortya Softcom” or “the Company”) is firmly committed to operating in full compliance with the Prevention of Money Laundering Act, 2002 (PMLA), its associated rules and regulations, and global standards set by the Financial Action Task Force (FATF). This includes taking all reasonable steps to prevent its digital payments platform, merchant services, and financial products from being misused for money laundering, terrorist financing, or proliferation of weapons of mass destruction. Money laundering not only facilitates criminal enterprises but also undermines financial institutions and economies. Accordingly, Kortya Pay has established this Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) Policy to proactively address the risks posed by illicit financial flows in its operations.
2.1 Detect and deter attempts by customers, merchants, vendors, or third parties to misuse Kortya Pay platform for unlawful purposes.
2.2 Comply with all applicable Indian laws, regulations, and international obligations relating to AML/CFT.
2.3 Apply a risk-based approach (RBA) to customer onboarding, transaction monitoring, and reporting.
2.4 Establish robust internal control mechanisms, including periodic audits, screening systems, and escalation procedures.
2.5 Ensure that Suspicious Transaction Reports (STRs), Cash Transaction Reports (CTRs), and other relevant disclosures are filed with the Financial Intelligence Unit - India (FIU-IND) in a timely and confidential manner.
2.6 Promote a strong compliance culture through employee training, continuous monitoring, and senior management oversight.
2.7 Ensure that all data collected for AML/CFT purposes is handled in accordance with data protection and privacy principles, maintaining customer confidentiality while fulfilling legal obligations.
Kortya Pay considers its compliance framework not just as a regulatory requirement, but as an essential part of ethical and responsible business conduct. The policy will be reviewed annually and updated as necessary to incorporate evolving threats, technological changes, regulatory amendments, and global best practices.
This AML/CFT Policy applies comprehensively across all facets of Kortya Softcom Private Limited’s operations and extends to all individuals and entities associated with the Company, directly or indirectly. The objective is to ensure that every stakeholder engaged in the provision, facilitation, or use of a Kortya Pay services is aligned with its compliance framework and obligations.
This policy shall be binding on:
including full-time, part-time, temporary, contractual, and interns, across all business units and departments.
who are responsible for oversight, review, and strategic implementation of the AML/CFT framework.
who directly implement, monitor, and audit AML-related controls.
responsible for developing systems used in KYC, transaction monitoring, and reporting.
This policy shall also be applicable to the following external stakeholders, to the extent of their association with Kortya Softcom financial and payment systems:
Any entity or individual involved in promoting, distributing, or facilitating Kortya Pay’s products or services on behalf of the Company, including payment aggregators, resellers, and white-label partners.
Including but not limited to those who have access to customer data, payment infrastructure, or are engaged in customer onboarding, KYC verification, IT support, and back-office operations.
Businesses or individuals that utilize Kortya Pay’s payment gateway, POS devices, QR-based payment collection, or other merchant service offerings. They are required to undergo onboarding due diligence and adhere to transaction monitoring norms.
Individuals and businesses utilizing Kortya Pay mobile wallet, prepaid instruments, payment processing, or related financial services. They are required to comply with KYC, transaction limits, and other regulatory measures enforced under this policy.
The policy covers all current and future digital payment services and financial products offered by Kortya Softcom, including but not limited to:
6.1 Payment gateways
6.2 Mobile wallets and prepaid payment instruments
6.3 Merchant onboarding and settlement services
6.4 Peer-to-peer payments
6.5 E-commerce and fintech integrations
6.6 API-based transaction processing
All such services shall be subject to appropriate risk classification, due diligence, and monitoring requirements under this policy.
Kortya Softcom is committed to upholding all applicable laws and international standards related to anti-money laundering and counter-terrorism financing. The regulatory framework guiding this commitment includes:
7.1 The Prevention of Money Laundering Act, 2002 (PMLA):
7.2 Reserve Bank of India (RBI) Master Directions on KYC:
7.3 Financial Action Task Force (FATF)
7.4 Guidelines issued by the Financial Intelligence Unit – India (FIU-IND)
Kortya Softcom will implement robust Customer Due Diligence (CDD) procedures, forming the foundation of its risk management system.
Prior to onboarding, all customers shall be subjected to identity verification processes. The following documents and information will be mandatorily collected and validated:
Aadhaar card, PAN card, passport, voter ID, or any other government-issued photo ID.
Recent utility bills, bank statements, rent agreements, or other acceptable forms showing current residential or business address.
Relevant business registration certificates such as GST registration, shop establishment license, FSSAI license (if applicable), or any other trade license validating the legitimacy of the entity.
In cases where there is a higher perceived risk, Enhanced Due Diligence measures shall be applied. This includes but is not limited to:
Identification of PEPs and close associates, along with source of funds verification.
Customers located in or associated with jurisdictions identified as non-cooperative or high-risk by FATF or Indian authorities.
Transactions that lack obvious economic rationale or are inconsistent with the customer’s known business profile or behavior.
Kortya adopts a Risk-Based Approach (RBA) to efficiently allocate compliance resources and apply appropriate levels of scrutiny.
9.1 Customers will be segmented into risk categories—Low, Medium, and High—based on predefined risk indicators.
9.2 Risk indicators may include customer type, nature of business, location, transaction volume, and behavioral anomalies.
9.3 Based on the assigned risk category, appropriate levels of due diligence, monitoring, and reporting obligations will be imposed.
9.4 Risk classifications will be reviewed at regular intervals or upon detection of any red flags or trigger events, to ensure their continued relevance.
Kortya will deploy automated monitoring systems capable of:
10.1.1 Flagging large or anomalous transactions that deviate from established customer patterns.
10.1.2 Detecting transactions involving high-risk countries or entities under sanctions.
10.1.3 Identifying signs of layering, structuring, smurfing, or other techniques commonly associated with money laundering.
All transactions raising suspicion of unlawful activity will be reported confidentially to the FIU-IND in a timely manner.
If applicable, CTRs will be filed for cash transactions that cross regulatory thresholds.
All records—including KYC data, transaction logs, and reporting histories—shall be maintained securely for a minimum of five (5) years from the date of transaction or closure of account, whichever is later.
A designated AML Compliance Officer will be appointed at Kortya Softcom with the following responsibilities:
11.1 Ensuring full implementation of AML/CFT controls and frameworks across all business units.
11.2 Coordinating with external regulatory agencies, law enforcement bodies, and financial intelligence units.
11.3 Evaluating and reviewing STRs before final submission to ensure accuracy and adequacy.
11.4 Conducting regular internal reviews, gap analysis, and updates to the AML/CFT framework in response to emerging risks.
Kortya recognizes that an effective AML program depends heavily on the awareness and vigilance of its employees.
12.1 All relevant staff shall undergo mandatory AML/CFT training sessions at regular intervals.
12.2 Training programs shall include identification of red flags, proper KYC/EDD procedures, transaction monitoring protocols, and internal reporting mechanisms.
12.3 Detailed attendance records and training material archives shall be maintained.
12.4 Employees are obligated to report any suspicious activity immediately to the Compliance Officer through established internal channels.
Kortya Softcom will maintain comprehensive and secure documentation of all AML-related records, including but not limited to:
13.1 Original and updated KYC documents.
13.2 Logs of all financial and attempted (failed) transactions.
13.3 Internal risk assessments, investigations, audit reports, and records of STR/CTR filings.
All documents will be stored in secure, access-controlled systems and made available to regulatory or investigative agencies upon request.
This AML/CFT policy will be reviewed on an annual basis, or more frequently if required due to:
14.1 Changes in applicable laws, rules, or regulatory guidance.
14.2 Significant shifts in business operations or product offerings.
14.3 Identification of new threats, vulnerabilities, or control gaps.
All revisions will be subject to review and approval by senior management and will be disseminated to all stakeholders in a timely manner.
Any breach or willful neglect in complying with this AML/CFT policy will invite strict disciplinary action. This may include:
12.1 Formal warnings or reprimands.
12.2 Termination of employment or vendor relationships.
12.3 Legal action under applicable provisions of PMLA or other regulatory laws.