The following are the objectives of this Merchant/Sourcing Partner onboarding policy of RR Fincap:

• Define a seamless and efficient process for onboarding Merchant/Sourcing Partners through digital channels and Fleet on Street (FOS). The same shall include Merchant/Sourcing Partner evaluation and assessment, Merchant/Sourcing Partner segmentation, Merchant/Sourcing Partner onboarding, etc.
• Facilitate the Merchant/Sourcing Partner acquisition process which includes activities such as agreement preparation, Merchant/Sourcing Partner due diligence, documentation verification, risk categorization, activation and maintenance of Merchant/Sourcing Partners etc.
• Define ongoing Merchant/Sourcing Partner monitoring measures to be undertaken
• Establish the guidelines for the company to take steps in case it decides to discontinue its relationship with the Merchant/Sourcing Partner or delist the Merchant/Sourcing Partner

This policy shall be applicable to all the Merchant/Sourcing Partners with whom the company establishes a relationship. It is also applicable to the FOS and Backend Operations team members (Merchant/Sourcing Partner Onboarding Support, Senior Manager- Merchant/Sourcing Partner On boarding, VP Operations) in the company who are responsible for the Merchant/Sourcing Partner acquisition/onboarding functions.

Lead generation and Merchant/Sourcing Partner sign-up would be possible through various online digital channels like website, Merchant/Sourcing Partner mobile application, etc. Digital on-boarding of the Merchant/Sourcing Partner would be done by FOS.

FOS shall be responsible for signing up the Merchant/Sourcing Partner, uploading and verifying of Merchant/Sourcing Partner KYC documents & bank account, submission of documents on Web/ Mobile Application. The Backend Operations Team shall be responsible for authenticating the Merchant/Sourcing Partner. Operations VP shall monitor the onboarding process.

• Real-time onboarding of Merchant/Sourcing Partners
• Digital verification of KYC documents
• Complete visibility and real-time tracking of applications
• Digital process eliminating the need of physical forms, IDs and documents
• OCR feature for fetching details from ID cards thereby minimizing human errors
• Digital process leading to faster onboarding, verification and customer delight.
• Transparency in the process

As per the RBI Guidelines the company shall undertake Merchant/Sourcing Partner assessment to comply with the regulatory requirements and as a preventive measure against the risks involved in the approval of the new Merchant/Sourcing Partners.

Below given is the process followed by the company for onboarding Merchant/Sourcing Partners:

Merchant/Sourcing Partner sign up and authentication:

• An android/Web application will be provided to the FOS to digitally onboard Merchant/Sourcing Partners. This application will allow FOS to fill basic details of the Merchant/Sourcing Partner, capture image & upload personal & business ID proofs, capture bank account details, E-sign contracts, etc.
• The FOS shall visit the Merchant/Sourcing Partner location and collect documents as mentioned under Appendix I. For OVDs, details are extracted from the respective authorized databases and auto populated onto the application.
• Details of the entity including CIN are fetched from the respective registrar database and verified.
• The OVDs and other IDs are verified by using proprietary AI based pattern level check algorithms and raises a red flag if wrong image or junk image was captured by the FOS.
• The Forgery Engine of the application ensures that no photocopies or Xerox images are uploaded and ensures compliance with regulations
• Forgery Engine of the app has the capability of extracting face from ID cards and ability to match them with each other.
• Merchant bank account is validated via Penny drop.

Additional Details captured:

• Photo of the premises
• Nature of Business
• Daily transaction limit
• Average monthly business volume of the Merchant/Sourcing Partner
• Details of commercials/fees – Merchant/Sourcing Partner Discount Rate (MDR), Rental, commitment charges, etc.

Merchant/Sourcing Partner background check:

• Background screening is done at this stage for the purpose of verification of the authenticity of the Merchant/Sourcing Partner’s intentions, business model, and purpose.
• Necessary assessment shall be done to ensure that Merchant/Sourcing Partners onboarded are not potential fraudsters or shell companies and that they do not sell fake/ prohibited/ counterfeit products, etc.
• Credit worthiness of the business and/or its owners shall be evaluated by doing credit bureau checks.
• The company shall analyse and review Merchant/Sourcing Partner’s web presence and content i.e. affiliated press articles, domain name, social media pages and online Customer ratings to build a full profile of the Merchant/Sourcing Partner and their reputation.
• The company shall also verify if the Merchant/Sourcing Partner’s website clearly indicates the product/service offered, mandatory parameters (About Us, Privacy Policy, Contact Us, Product Checkout), terms and conditions and timeline for processing returns and refunds.
• The company shall also scrutinize the business, track record, verify commercial history, etc.
• Name screening shall be done against negative/sanctions list published by United Nations Security Council.

Merchant/Sourcing Partner Risk Profile/Risk Categorization: Merchant/Sourcing Partners shall be categorized as low, medium or high-risk which in turn will determine the level of scrutiny applicable. Risk rating will be based on due diligence factors such as Merchant/Sourcing Partner's longevity, financial stability, industry, business model, products sold / services offered, and previous processing history, etc.
Refer to Section 5 : Risk Categorization (KYC AML Policy) for further details.

Security Assessment:
The Merchant/Sourcing Partner will be expected to comply with applicable law related to security of personal data. A review will be conducted at periodically in order to ensure compliance with regulatory security standard benchmarks. Refer to Section 9: Security Risk Assessment for further details.

Merchant/Sourcing Partner Agreement:

• On successful submission of the application by the FOS, the Merchant/Sourcing Partner agreement is generated.
• A digital form with all the Merchant/Sourcing Partner details is shared with the Merchant/Sourcing Partner. This form will also show the predefined charges & rates based on the type of product/service opted for by the Merchant/Sourcing Partner.
• The agreement is then physically signed and stamped by the Merchant/Sourcing Partner
• The agreement is then franked as per the prevalent stamp duty of the respective state
• Post this, the agreement is scanned and uploaded on the Application.

Scrutiny of Merchant/Sourcing Partner Application:

• Back Operations Team reviews the Merchant/Sourcing Partner application, details of the ID proof, risk flags as submitted by the FOS on the Mobile Application.
• The application submitted by FOS through the onboarding application will be approved/rejected/ sent for rework to the respective FOS by the Back Operations Team.

Generation of MID/ TID:

• Post successful onboarding, MID/TID is generated on the Merchant/Sourcing Partner Management System (MMS).
• Post generation of MID/ TID,
  • In case of Point of Sale (POS) Terminal, the terminal is installed at the Merchant/Sourcing Partner location and a test transaction is conducted by the FOS.
  • In case of online PG, an onboarding kit is shared for web integration, testing of test transaction.

After onboarding, businesses need to do constant due diligence checks to monitor any changes in Merchant/Sourcing Partner behaviour. The backend operations team would monitor the Merchant/Sourcing Partner’s activities to ensure they are consistent with their knowledge about the Merchant/Sourcing Partners, Merchant/Sourcing Partners’ business, and risk profile and the source of funds. The company shall outline how monitoring will occur, when it will occur, how reviews and feedback are conducted and how risk exposures are identified and mitigated.
Ongoing due diligence checks assist organizations in improving their chances against financial crimes such as terrorist funding and money laundering. The Company shall monitor on an ongoing basis the following types of activities:

• Suspicious transactions having inconsistent patterns of transactions such as spike in velocity, high volume, exceeding threshold, etc.
• Sudden surge in transactions by a Merchant/Sourcing Partner to a particular entity.
• Fraud reporting cases or any non-compliance in terms of information sharing.
• Out of area or unusual cross-border activities
• Stricter monitoring for Merchant/Sourcing Partners identified as high-risk Merchant/Sourcing Partners
• Adverse media mentions
• Increase in chargeback/return/refund cases
• Change in website details or contact information can be a hint of fraud.

RBI Guidelines state that NBFC as a RE should undertake comprehensive security assessment during onboarding process to ensure that minimal baseline security controls are adhered to by the Merchant/Sourcing Partners. The company is exposed to significant cyber risks and compliance liabilities due to its Merchant/Sourcing Partners. For this purpose, the company shall conduct comprehensive security assessments during onboarding to ensure adequate safeguards in place as applicable.

• RR FINCAP will undertake comprehensive security assessment during Merchant/Sourcing Partner onboarding process to check compliance to security controls. RR FINCAP will obtain periodic security assessment reports either based on the risk assessment (large or small Merchant/Sourcing Partners) and / or at the time of renewal of contracts.

Merchant/Sourcing Partner account may be deactivated or otherwise restricted from accessing or using the NBFC Platform or Services in the event of:

• Violation of Terms of Use as per the agreement between the company and the Merchant/Sourcing Partner
• Disparagement of the company or any of its affiliates
• Termination request from the Merchant/Sourcing Partner
• High chargebacks and/or substantial fraud transactions on the gateway
• Complaints against the Merchant/Sourcing Partner

The policy is reviewed on an annual basis and updated to incorporate changes as per RBI Guidelines. All updates/changes to the Policy will be communicated to the relevant staff/relevant stakeholders on a periodic basis. All such changes /modifications will be reported to the Board for approval.

In line with Master Direction – KYC Direction, 2016, RR FINCAP shall take the following steps for maintaining, preserving and reporting of Customer information:

• Maintain all necessary records of transactions with Customers including the Merchant/Sourcing Partner agreement, Merchant/Sourcing Partner application, documentation, transaction data, etc. for at least five years from the date of transaction.
• Preserve the records pertaining to the identification of the Customers and their addresses obtained while onboarding the customer and during the course of business relationship, for a period of five years from the date of cessation of the transactions.
• Make available the identification records and transaction data to the competent authorities upon request.
• Maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following:
  • the nature of the transactions
  • the amount of the transaction
  • the date on which the transaction was conducted and
  • the parties to the transaction.
• Evolve a system for proper maintenance and preservation of Customer information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities.