Merchant Onboarding Policy
RR Fincap Private Limited ( NBFC-ND)(hereinafter referred to as the “company”), seeks to document the practices and procedures to be followed by the company for acquisition of new Merchant/Sourcing Partners. The company believes in human centric innovation and customer is at the core of their business. To offer a faster, secure and seamless onboarding experience,RR Fincap has detailed this Merchant/Sourcing Partner Onboarding Policy.
The Merchant/Sourcing Partner Onboarding Policy is required to amongst others lay down guiding principles for onboarding of Merchant/Sourcing Partners in accordance with the requirements specified by the NBFC Guidelines and other applicable regulations such as RBI Mater Directions- Know your Customer Directions, 2016, as amended or clarified from time to time (“KYC Master Directions”).

Objective of the Policy
The following are the objectives of this Merchant/Sourcing Partner onboarding policy of RR Fincap:
  • Define a seamless and efficient process for onboarding Merchant/Sourcing Partners through digital channels and Fleet on Street (FOS). The same shall include Merchant/Sourcing Partner evaluation and assessment, Merchant/Sourcing Partner segmentation, Merchant/Sourcing Partner onboarding, etc.
  • Facilitate the Merchant/Sourcing Partner acquisition process which includes activities such as agreement preparation, Merchant/Sourcing Partner due diligence, documentation verification, risk categorization, activation and maintenance of Merchant/Sourcing Partners etc.
  • Define ongoing Merchant/Sourcing Partner monitoring measures to be undertaken
  • Establish the guidelines for the company to take steps in case it decides to discontinue its relationship with the Merchant/Sourcing Partner or delist the Merchant/Sourcing Partner
Scope and Applicability
This policy shall be applicable to all the Merchant/Sourcing Partners with whom the company establishes a relationship. It is also applicable to the FOS and Backend Operations team members (Merchant/Sourcing Partner Onboarding Support, Senior Manager- Merchant/Sourcing Partner On boarding, VP Operations) in the company who are responsible for the Merchant/Sourcing Partner acquisition/onboarding functions.

Channels of Onboarding
Lead generation and Merchant/Sourcing Partner sign-up would be possible through various online digital channels like website, Merchant/Sourcing Partner mobile application, etc. Digital on-boarding of the Merchant/Sourcing Partner would be done by FOS.
Roles and Responsibilities
FOS shall be responsible for signing up the Merchant/Sourcing Partner, uploading and verifying of Merchant/Sourcing Partner KYC documents & bank account, submission of documents on Web/ Mobile Application. The Backend Operations Team shall be responsible for authenticating the Merchant/Sourcing Partner. Operations VP shall monitor the onboarding process.
Key Features of Onboarding
  • Real-time onboarding of Merchant/Sourcing Partners
  • Digital verification of KYC documents
  • Complete visibility and real-time tracking of applications
  • Digital process eliminating the need of physical forms, IDs and documents
  • OCR feature for fetching details from ID cards thereby minimizing human errors
  • Digital process leading to faster onboarding, verification and customer delight.
  • Transparency in the process
Merchant/Sourcing Partner Onboarding Procedure
As per the RBI Guidelines the company shall undertake Merchant/Sourcing Partner assessment to comply with the regulatory requirements and as a preventive measure against the risks involved in the approval of the new Merchant/Sourcing Partners.

Below given is the process followed by the company for onboarding Merchant/Sourcing Partners:

Merchant/Sourcing Partner sign up and authentication:
  • An android/Web application will be provided to the FOS to digitally onboard Merchant/Sourcing Partners. This application will allow FOS to fill basic details of the Merchant/Sourcing Partner, capture image & upload personal & business ID proofs, capture bank account details, E-sign contracts, etc.
  • The FOS shall visit the Merchant/Sourcing Partner location and collect documents as mentioned under Appendix I. For OVDs, details are extracted from the respective authorized databases and auto populated onto the application.
  • Details of the entity including CIN are fetched from the respective registrar database and verified.
  • The OVDs and other IDs are verified by using proprietary AI based pattern level check algorithms and raises a red flag if wrong image or junk image was captured by the FOS.
  • The Forgery Engine of the application ensures that no photocopies or Xerox images are uploaded and ensures compliance with regulations
  • Forgery Engine of the app has the capability of extracting face from ID cards and ability to match them with each other.
  • Merchant bank account is validated via Penny drop.

Additional Details captured:
  • Photo of the premises
  • Nature of Business
  • Daily transaction limit
  • Average monthly business volume of the Merchant/Sourcing Partner
  • Details of commercials/fees – Merchant/Sourcing Partner Discount Rate (MDR), Rental, commitment charges, etc.

Merchant/Sourcing Partner background check:
  • Background screening is done at this stage for the purpose of verification of the authenticity of the Merchant/Sourcing Partner’s intentions, business model, and purpose.
  • Necessary assessment shall be done to ensure that Merchant/Sourcing Partners onboarded are not potential fraudsters or shell companies and that they do not sell fake/ prohibited/ counterfeit products, etc.
  • Credit worthiness of the business and/or its owners shall be evaluated by doing credit bureau checks.
  • The company shall analyse and review Merchant/Sourcing Partner’s web presence and content i.e. affiliated press articles, domain name, social media pages and online Customer ratings to build a full profile of the Merchant/Sourcing Partner and their reputation.
  • The company shall also verify if the Merchant/Sourcing Partner’s website clearly indicates the product/service offered, mandatory parameters (About Us, Privacy Policy, Contact Us, Product Checkout), terms and conditions and timeline for processing returns and refunds.
  • The company shall also scrutinize the business, track record, verify commercial history, etc.
  • Name screening shall be done against negative/sanctions list published by United Nations Security Council.

Merchant/Sourcing Partner Risk Profile/Risk Categorization: Merchant/Sourcing Partners shall be categorized as low, medium or high-risk which in turn will determine the level of scrutiny applicable. Risk rating will be based on due diligence factors such as Merchant/Sourcing Partner's longevity, financial stability, industry, business model, products sold / services offered, and previous processing history, etc.
Refer to Section 5 : Risk Categorization (KYC AML Policy) for further details.

Security Assessment:
The Merchant/Sourcing Partner will be expected to comply with applicable law related to security of personal data. A review will be conducted at periodically in order to ensure compliance with regulatory security standard benchmarks. Refer to Section 9: Security Risk Assessment for further details.

Merchant/Sourcing Partner Agreement:
  • On successful submission of the application by the FOS, the Merchant/Sourcing Partner agreement is generated.
  • A digital form with all the Merchant/Sourcing Partner details is shared with the Merchant/Sourcing Partner. This form will also show the predefined charges & rates based on the type of product/service opted for by the Merchant/Sourcing Partner.
  • The agreement is then physically signed and stamped by the Merchant/Sourcing Partner
  • The agreement is then franked as per the prevalent stamp duty of the respective state
  • Post this, the agreement is scanned and uploaded on the Application.

Scrutiny of Merchant/Sourcing Partner Application:
  • Back Operations Team reviews the Merchant/Sourcing Partner application, details of the ID proof, risk flags as submitted by the FOS on the Mobile Application.
  • The application submitted by FOS through the onboarding application will be approved/rejected/ sent for rework to the respective FOS by the Back Operations Team.

Generation of MID/ TID:
  • Post successful onboarding, MID/TID is generated on the Merchant/Sourcing Partner Management System (MMS).
  • Post generation of MID/ TID,
    • In case of Point of Sale (POS) Terminal, the terminal is installed at the Merchant/Sourcing Partner location and a test transaction is conducted by the FOS.
    • In case of online PG, an onboarding kit is shared for web integration, testing of test transaction.
Ongoing Monitoring
After onboarding, businesses need to do constant due diligence checks to monitor any changes in Merchant/Sourcing Partner behaviour. The backend operations team would monitor the Merchant/Sourcing Partner’s activities to ensure they are consistent with their knowledge about the Merchant/Sourcing Partners, Merchant/Sourcing Partners’ business, and risk profile and the source of funds. The company shall outline how monitoring will occur, when it will occur, how reviews and feedback are conducted and how risk exposures are identified and mitigated.
Ongoing due diligence checks assist organizations in improving their chances against financial crimes such as terrorist funding and money laundering. The Company shall monitor on an ongoing basis the following types of activities:
  • Suspicious transactions having inconsistent patterns of transactions such as spike in velocity, high volume, exceeding threshold, etc.
  • Sudden surge in transactions by a Merchant/Sourcing Partner to a particular entity.
  • Fraud reporting cases or any non-compliance in terms of information sharing.
  • Out of area or unusual cross-border activities
  • Stricter monitoring for Merchant/Sourcing Partners identified as high-risk Merchant/Sourcing Partners
  • Adverse media mentions
  • Increase in chargeback/return/refund cases
  • Change in website details or contact information can be a hint of fraud.
Security Risk Assessment
RBI Guidelines state that NBFC as a RE should undertake comprehensive security assessment during onboarding process to ensure that minimal baseline security controls are adhered to by the Merchant/Sourcing Partners. The company is exposed to significant cyber risks and compliance liabilities due to its Merchant/Sourcing Partners. For this purpose, the company shall conduct comprehensive security assessments during onboarding to ensure adequate safeguards in place as applicable.
  • RR FINCAP will undertake comprehensive security assessment during Merchant/Sourcing Partner onboarding process to check compliance to security controls. RR FINCAP will obtain periodic security assessment reports either based on the risk assessment (large or small Merchant/Sourcing Partners) and / or at the time of renewal of contracts.
Deactivation of Merchant/Sourcing Partners
Merchant/Sourcing Partner account may be deactivated or otherwise restricted from accessing or using the NBFC Platform or Services in the event of:
  • Violation of Terms of Use as per the agreement between the company and the Merchant/Sourcing Partner
  • Disparagement of the company or any of its affiliates
  • Termination request from the Merchant/Sourcing Partner
  • High chargebacks and/or substantial fraud transactions on the gateway
  • Complaints against the Merchant/Sourcing Partner
Policy Review
The policy is reviewed on an annual basis and updated to incorporate changes as per RBI Guidelines. All updates/changes to the Policy will be communicated to the relevant staff/relevant stakeholders on a periodic basis. All such changes /modifications will be reported to the Board for approval.
Record Management
In line with Master Direction – KYC Direction, 2016, RR FINCAP shall take the following steps for maintaining, preserving and reporting of Customer information:
  • Maintain all necessary records of transactions with Customers including the Merchant/Sourcing Partner agreement, Merchant/Sourcing Partner application, documentation, transaction data, etc. for at least five years from the date of transaction.
  • Preserve the records pertaining to the identification of the Customers and their addresses obtained while onboarding the customer and during the course of business relationship, for a period of five years from the date of cessation of the transactions.
  • Make available the identification records and transaction data to the competent authorities upon request.
  • Maintain all necessary information in respect of transactions prescribed under PML Rule 3 so as to permit reconstruction of individual transaction, including the following:
    • the nature of the transactions
    • the amount of the transaction
    • the date on which the transaction was conducted and
    • the parties to the transaction.
  • Evolve a system for proper maintenance and preservation of Customer information in a manner that allows data to be retrieved easily and quickly whenever required or when requested by the competent authorities.
Appendix I - Entity Wise Document List
Particulars Specific Checks
Individual Checks
PAN Card/Form 60
  • PAN Number is validated by third-party vendor
  • Collected for Ultimate Beneficial Owner (UBO) and/or Authorised Signatory and/or Power of Attorney and/or Authorisation holder
Officially Valid Document (OVD): (Any 1)
Passport, driving license, proof of possession of Aadhaar number, the Voter’s Identity Card, job card issued by NREGA duly signed by an officer of the State Government and letter issued by the National Population Register.
  • Aadhaar Card is authenticated via Aadhaar XML
  • Collected for Ultimate Beneficial Owner (UBO) and/or Authorised Signatory and/or Power of Attorney and/or Authorisation holder
  • Match all details on OVD with that on PAN (e.g.: name, birthdate, image, etc.)
Individual Address proofs (if required):
Utility bills, Property/Municipal Tax receipts, Pension orders and Letter of allotment
  • Match name and address with PAN and other documents
  • Match address proof with details provided during sign-up
Proof of address of foreign nationals:
Any document issued by the Government departments of foreign jurisdictions and/or letter issued by the Foreign Embassy or Mission in India.
Cancelled Cheque
  • Bank Account details are verified using Penny Drop
Legal Entity Checks
  • Certificate of Incorporation
  • MoA and AoA
  • PAN Card
  • Board Resolution
  • Ownership Structure and UBO declaration
  • OVD of Authorised signatory
  • Cancelled Cheque
  • Verify name, CIN/DIN/LLP via MCA Portal
  • Board Resolution is verified by matching authorised signatory details on AoA, MoA
  • OVD of Authorised signatory is verified as mentioned above
  • PAN Number of the Company is verified as mentioned above
  • Bank Account details are verified using Penny Drop
Partnership/Limited Liability Partnerships (LLP)
  • Registration Certificate
  • PAN
  • Partnership Deed/LLP agreement
  • Power of Attorney
  • OVD of Authorised signatory
  • Cancelled Cheque
  • Registration checks based on available databases
  • OVD of Authorised signatory is verified as mentioned above
  • PAN Number of the Company is verified as mentioned above
  • Bank Account details are verified using Penny Drop
Sole Proprietorship
  • PAN and OVD of proprietor
  • Any two of the below documents as proof of business
    • Certificate/licence issued by the municipal authorities under Shop and Establishment Act.
    • Registration Certificate
    • Sales and income tax returns.
    • 36CST/VAT/ GST certificate (provisional/final).
    • Certificate/registration document issued by Sales Tax/Service Tax/Professional Tax authorities.
    • IEC (Importer Exporter Code) issued to the proprietary concern by the office of DGFT or Licence/certificate of practice issued in the name of the proprietary concern by any professional body incorporated under a statute.
    • Complete Income Tax Return (not just the acknowledgement) in the name of the sole proprietor where the firm's income is reflected, duly authenticated/acknowledged by the Income Tax authorities.
    • Utility bills such as electricity, water, landline telephone bills, etc
  • Cancelled Cheque
  • OVD of Authorised signatory is verified as mentioned above
  • PAN Number is validated by third-party vendor
  • Registration checks based on available databases
  • Bank Account details are verified using Penny Drop
  • Registration Certificate
  • PAN Card
  • Trust Deed
  • Power of Attorney
  • OVD of Authorised signatory
  • list of beneficiaries, settlors and trustees
  • Cancelled Cheque
  • Registration checks based on available databases
  • OVD of Authorised signatory is verified as mentioned above
  • PAN Number of the Company is verified as mentioned above
  • Bank Account details are verified using Penny Drop
Unincorporated Association or a body of individuals
  • PAN Card
  • Power of Attorney
  • Resolution of the managing body
  • OVD
  • Cancelled Cheque
  • OVD of Authorised signatory is verified as mentioned above
  • PAN Number of the Company is verified as mentioned above
  • Registration checks based on available databases
  • Bank Account details are verified using Penny Drop
Hindu Undivided Family (HUF)
  • PAN Card
  • Resolution of managing body
  • Power of Attorney
  • HUF Deed (if applicable)
  • Cancelled Cheque
  • PAN Number of the Company is verified as mentioned above
  • Registration checks based on available databases
  • Bank Account details are verified using Penny Drop
  • Bank Account details are verified using Penny Drop
Appendix II – Prohibited Businesses List
  • Adult goods and services which includes pornography and other sexually suggestive materials (including literature, imagery and other media); escort or prostitution services
  • Body parts which includes organs or other body parts
  • Child pornography which includes pornographic materials involving minors
  • Drugs and drug paraphernalia which includes hallucinogenic substances, illegal drugs and drug accessories, including herbal drugs like salvia and magic mushrooms
  • Illegal goods which includes materials, products, or information promoting illegal goods or enabling illegal acts
  • Weapons which includes firearms, ammunition, knives, brass knuckles, gun parts, and other armaments
  • Websites depicting violence and extreme sexual violence
  • Bestiality