Anti‑Money Laundering (AML) & CFT Policy

Tawaka Fusion Tech Private Limited
Emaar, Emerald Plaza, EPO‑03‑004, 3rd Floor, Golf Course Extension Road, Sector 65, Gurgaon, Haryana – 122018, India
Mobile: +91‑9165242716

1. Introduction

Purpose & Scope

This document establishes the Anti‑Money Laundering (AML), Combating the Financing of Terrorism (CFT), and Combating Proliferation Financing (CPF) policy for Tawaka Fusion Tech Private Limited (the “Company”), a Virtual Digital Asset Service Provider (SP) as defined under the Prevention of Money Laundering Act, 2002 (PMLA) and mandated by the Financial Intelligence Unit (FIU) of India. It aims to prevent, detect, and report suspicious activities related to money laundering or terrorist financing.

Regulatory Framework

  • Prevention of Money Laundering Act, 2002 (PMLA)
  • Unlawful Activities (Prevention) Act, 1967 (UAPA)
  • The Weapons of Mass Destruction and Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 (WMDA)
  • FIU‑IND Guidelines for VDA Service Providers dated March 10, 2023

Applicability

This policy applies to activities under notification F. No. P‑12011/12/2022‑ES Cell‑ DOR dated March 07, 2023, including exchange and transfer of VDAs, safekeeping/administration, and the provision of financial services related to VDA offerings.

2. Policy Objectives

Primary Objectives

  • Establish robust systems and procedures to prevent money laundering, terrorist financing, and proliferation financing.
  • Implement effective Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures.
  • Develop and maintain risk assessment and management systems.
  • Ensure compliance with regulatory reporting requirements.
  • Foster a culture of compliance within the organization.

Risk‑Based Approach

The Company adopts a risk‑based approach to identify and assess money‑laundering and terrorist‑financing risks, apply appropriate mitigation measures, allocate resources efficiently, and implement controls proportionate to identified risks.

3. Registration and Compliance Requirements

FIU‑IND Registration

  • Maintain active registration as a Reporting Entity with FIU‑IND.
  • Disclose and keep updated all bank account details used for business transactions and holding client money.
  • Submit periodic updates to registration information as required.

Internal Control Mechanism

In accordance with Rule 7(3) of the PMLR, the Company shall:

  • Develop and maintain internal mechanisms to detect specified transactions.
  • Report relevant information to FIU‑IND.
  • Ensure compliance by all stakeholders, including the Designated Director, officers, and employees.

4. Policy Implementation Framework

Organizational Structure

  • Board of Directors: Ultimate responsibility for AML/CFT/CPF compliance.
  • Designated Director: Oversight of policy implementation.
  • Principal Officer: Day‑to‑day compliance operations.
  • Compliance Team: Policy execution and monitoring.

Documentation and Record Keeping

  • Complete documentation of policies and procedures.
  • Transaction records as per regulatory requirements.
  • KYC and CDD records; training records; audit trails.

Review and Updates

  • Reviewed at least annually; updated for regulatory changes.
  • Modified based on risk‑assessment outcomes; Board‑approved.

5. Governance Structure

Designated Director

Appointment: Board level; notify FIU‑IND within 7 days (including changes).

Responsibilities:

  • Implement Chapter IV obligations under PMLA; oversee program effectiveness.
  • Allocate resources; approve high‑risk client acceptance; report to the Board.

Principal Officer

Appointment: Senior management; separate from Designated Director; notify FIU‑IND within 7 days.

Responsibilities include: day‑to‑day compliance, monthly FIU reporting (by 15th), STR filing (within 7 working days of suspicion), mechanism upkeep, group‑wide policy implementation, client acceptance oversight, records, and law‑enforcement coordination.

6. Risk Assessment Methodology

The Company adopts a risk‑based approach to identify, assess, and mitigate ML/TF risks.

Risk Categorization

High Risk

  • Politically Exposed Persons (PEPs)
  • Non‑resident customers
  • High‑net‑worth individuals
  • Customers from high‑risk jurisdictions

Low Risk

  • Regular retail customers
  • Government entities

Product/Service Risk

High Risk

  • Anonymity‑enhanced cryptocurrencies
  • Unhosted wallet transfers
  • High‑value transactions
  • Complex transaction patterns

Low Risk

  • Regular VDA trading
  • Small‑value transactions
  • Transparent blockchain transactions

Risk Mitigation & Ongoing Review

  • EDD for high‑risk categories; documented controls proportionate to risk.
  • Periodic reviews; annual profile refresh; updates for emerging threats and legal changes.

7. Customer Due Diligence (CDD) Procedures

Standard Due Diligence

  • PAN or National Identity Number
  • Official Valid Document (OVD): Full Name, Photograph, Proof of Address, and Proof of Identity

Customer Identification (Individuals)

  • Passport
  • Driving License
  • Aadhaar
  • Voter’s ID

Risk Assessment Matrix

  • Factors: geography, transaction & trading patterns, wallet history, source of funds, privacy‑coin usage, DeFi interaction.
FactorWeight
Customer Profile30%
Wallet History25%
Transaction Patterns25%
Geographic Risk20%

Categories: Low (0–40), Medium (41–70), High (71–100).

Enhanced Due Diligence (EDD)

  • Verify source of funds (bank statements, tax returns).
  • Continuous monitoring for unusual behavior.
  • Additional information inc. proof of funds; senior‑management approval; periodic review.

Record‑Keeping

Maintain KYC/CDD and transaction records for ≥5 years post relationship end or transaction date, incl. IDs, verification details, transactions, and STR documentation.

8. Transaction Monitoring Framework

Monitoring Procedures

Automated monitoring for unusual patterns, large/structured transactions, and high‑risk involvement; thresholds trigger investigation.

Transaction Pattern Analysis

  • Large transactions (> ₹10 lakhs eqv.)
  • Frequent small/round transactions
  • Multiple wallet, cross‑chain/bridge, privacy‑coin transfers
  • Use of mixing services

Wallet & Network Analysis

  • High‑risk/sanctioned wallet screening; mixer identification
  • DeFi protocol interaction & smart‑contract risk
  • Layer‑2 and privacy protocol usage

Alert Generation Rules

Transaction‑Based

  • Single thresholds
  • Daily aggregation
  • Weekly volume alerts
  • High‑risk wallet interactions

Behavior‑Based

  • Sudden volume increase
  • Pattern changes / new counterparties
  • Geographic anomalies
  • Trading‑pattern changes

Alert Investigation Process

Initial (≤24h): verify alert, trace transactions, cluster wallets, review profile.

Detailed (≤72h): blockchain forensics, graph analysis, source/destination tracing.

Reporting Suspicious Transactions

Escalate to Principal Officer; prepare & submit STRs within 7 working days of suspicion.

STR Triggers

Transaction‑Based

  • Mixing services usage
  • High‑risk wallet interactions
  • Suspicious cross‑chain / privacy‑coin conversions
  • Large unexpected transactions

Pattern‑Based

  • Structuring / layering attempts
  • Chain‑hopping patterns
  • Suspicious smart‑contract / DeFi activity

STR Investigation & Filing

Collect: tx details, blockchain reports, wallet history, customer profile, communications.

Analyze: flow mapping, clustering, patterns, risk, evidence.

File: narrative + evidence; within 7 days; emergency & follow‑ups as needed.

Prohibition on Tipping‑Off: Do not disclose flags, investigations, or STR filings to customers.

9. Reporting Procedures

Internal Escalation (Outreach Money)

  1. Level 1 – Compliance Analysts: review auto‑alerts; escalate as needed.
  2. Level 2 – Compliance Manager (Pritish Kumarawat): assess severity; escalate to Principal Officer.
  3. Level 3 – Principal Officer (Gautam Sharma): final decision on STR filing to FIU‑IND.

Employees must report suspicious activities via internal channels without retaliation; the Principal Officer ensures confidentiality and timely external reporting.

External Obligations

Timely STR submissions to FIU‑India are mandatory; deadlines per PMLA apply.

10. Sanctions Compliance

Screening

  • Onboarding & ongoing screening against UN/OFAC and applicable lists.
  • Real‑time transaction screening with frequently updated databases.

Prohibitions & EDD

  • No transactions with sanctioned parties; EDD for high‑risk jurisdictions or PEPs.

11. Training and Awareness Programs

Company‑wide training at least annually: policies & procedures, typologies, regulatory updates, case studies (per In‑House AML/CFT Training Policy).

12. Internal Controls and Audit

Quarterly compliance reviews; annual independent audit; ad‑hoc risk‑event reviews. Focus: policy compliance, control testing, procedure effectiveness, transaction sampling, CDD review, and staff‑training assessment.

13. Record Retention Policy

Duration

  • Transactions: 5 years
  • Customer identification: 5 years post‑relationship
  • Training & audit records: 5 years
  • Board/committee minutes & regulatory correspondence: Permanent

Access & Data Privacy

  • Encrypted Storage (AES) – encryption at rest.
  • IP Whitelisting – only trusted IPs access databases.
  • Access Controls – role‑based permissions to encrypted data.

14. Policy Review and Updates

Reviewed annually or as required by regulatory/operational changes. All updates require Board approval prior to implementation.

15. Definitions

  • AML – Anti‑Money Laundering measures.
  • CFT – Combating the Financing of Terrorism.
  • CDD – Customer identification/verification before relationship establishment.
  • EDD – Additional scrutiny for high‑risk customers.
  • PEPs – Politically Exposed Persons.
  • STR – Suspicious Transaction Report to FIU‑IND.
  • Sanctions Lists – Regulatory lists of restricted entities/individuals.
  • Risk‑Based Approach – Controls proportionate to risk.

16. Conclusion

This policy protects Tawaka Fusion Tech Private Limited from misuse for ML/TF and promotes a culture of compliance. All employees must adhere to these guidelines.

Visual flowcharts for CDD, Transaction Monitoring, and Reporting may be appended as exhibits and updated as processes evolve.

Implementation and Enforcement

Effective immediately; supersedes prior AML/CFT policies. Non‑compliance may result in disciplinary action up to termination of employment or business relationship.

Sign‑off

Date: 05/08/2025
Name: YUGAL KISHOR GENDLE
Title: Designated Director & CTO
Company: Tawaka Fusion Tech Private Limited