This KYC (Know Your Customer) and AML (Anti-Money Laundering) Policy explains PAYOTRIX’s requirements and procedures to verify user identity, prevent illicit financial activity, and comply with relevant legal and regulatory frameworks.
This Policy governs the onboarding, verification, monitoring, and ongoing diligence processes for all merchants and users on PAYOTRIX. Its purpose is to prevent misuse of the platform for money laundering, terrorist financing, or other illegal activities in compliance with RBI guidelines, PMLA 2002, FATF Standards, and EU AML Directives.
This Policy applies to:
All registered merchants using PAYOTRIX
Customers and API users initiating transactions
PAYOTRIX internal staff and third-party agents involved in verification
Transactions processed via PAYOTRIX redirection links
PAYOTRIX adheres to Indian regulations, including:
Prevention of Money Laundering Act, 2002 (PMLA)
RBI Master Direction on KYC, 2017
Information Technology Act, 2000 SPDI Rules
International AML regimes (FATF, EU AMLD, USA PATRIOT Act)
This ensures compliance with multi-jurisdictional legal requirements.
PAYOTRIX uses a tiered risk-based approach:
Tier 0: Basic verification with email/mobile (no gateway access)
Tier 1: Identity proof + address proof; limited gateway use
Tier 2: Full KYC (PAN, GSTIN, business documents); unfettered access
Each tier unlocks progressively higher transaction limits and features.
Merchants must submit:
Government-issued photo ID (Aadhaar, Passport, Driving License)
PAN card
Selfie-based biometric verification (via third-party vendor)
Identity documents must be valid, legible, and unexpired, with automated OCR and manual review.
Proof of address documents required include:
Valid passport or driving license
Recent utility bills (<= 3 months old)
Bank statements or government-issued letters
All documents must match the business address submitted during onboarding.
For corporate or partnership entities, PAYOTRIX requires:
Certificate of incorporation
GST registration (if applicable)
Partnership deed or Articles of Association
Board resolution or authorized signatory letter
These ensure the legitimacy of the business relationship.
PAYOTRIX requires identification of all UBOs holding >25% equity. UBOs must provide:
Identity & address proofs
Declarations regarding ownership structure
This prevents shell company misuse.
During KYC, PAYOTRIX screens UBOs and signatories for PEP status. Identified PEPs undergo:
Enhanced due diligence (EDD)
Manual approval by senior compliance personnel
Records are maintained longer per regulatory obligation.
PAYOTRIX conducts automated screening against:
RBI debarment lists
UN, EU, UK, US Treasury OFAC sanctions
Domestic crime watchlists
Matches trigger an account hold and an investigation.
PAYOTRIX monitors behavioral patterns, including:
Unusual transaction volume/frequency
Multiple gateway redirects across geographies
High-dollar single transactions beyond thresholds
Alerts are triggered for compliance review or temporary hold.
KYC documents and transaction logs are retained for a minimum of 5 years post-account deactivation, as mandated by PMLA and RBI. Archived files are encrypted and stored in secure, auditable repositories.
PAYOTRIX conducts:
Annual re-verification of high-risk merchants
Periodic refresh of KYC documents
The notification triggers if official documents expire
Non-compliance leads to service suspension.
Merchants are categorized based on:
Type of business
Transaction volume
Jurisdiction
Product/service offered
High-risk merchants (e.g., gaming, cross-border e-commerce) receive intensified scrutiny.
PAYOTRIX compliance staff undergo regular training on:
KYC procedures
AML typologies and red flags
Geopolitical risk screening
New regulatory guidelines
Records of training activities are maintained.
Every merchant is designated a Risk Officer for CDD. Checks include:
Identity review
Document authenticity
Source of funds verification (for high-risk cases)
Watchlist checks
This ensures legitimacy before account activation.
EDD is performed when:
Merchant is a PEP
High-value transactions are frequent
Jurisdiction is high-risk
EDD includes senior-level approval, detailed source verification, and periodic reporting.
Any suspicious transactions or merchant behavior triggering alert codes are reported within 7 days to the Financial Intelligence Unit – India (FIU‑IND) and the RBI.
PAYOTRIX uses AI-assisted tools for:
OCR ID verification
Biometric selfie match
Watchlist screening
Transaction anomaly detection
All tools are audited annually for accuracy and false positive rates.
Merchants flagged for KYC/AML issues receive:
Email notification with details
72-hour window to provide additional documents
Escalation to the senior compliance officer if unresolved
Failure leads to suspension.
Non-compliant accounts are:
Temporarily suspended pending remediation
Deactivated after 30 days of non-compliance
Permanently terminated if fraudulent activity is confirmed
All actions are logged and communicated.
PAYOTRIX logs all KYC verification steps:
Timestamped document review notes
Screening results and risk scores
SAR and compliance actions
These form part of the audit trail for legal compliance.
Third-party vendors are engaged under:
Data Processing Agreements (DPAs)
Annual security certification reviews
On-site and remote audit clauses
Only compliant providers with ISO or equivalent certifications are selected.
All KYC data is processed in line with PAYOTRIX’s Privacy Policy and SPDI Rules. Users can seek corrections or access their data as per policy norms.
PAYOTRIX maintains liaison channels with:
RBI
FIU-IND
CERT-IN
International regulators (FATF, EU AML bodies)
This assures readiness for compliance updates.
Upon valid legal request (court order, agency summons), PAYOTRIX will provide KYC/AML records to authorities while informing users unless legally prohibited.
RBI or external auditors may conduct periodic inspections. PAYOTRIX maintains documentation, system logs, and KYC records for auditability.
PAYOTRIX risk modules assign risk scores and trigger monitoring based on:
Age of documents
Jurisdiction
Transaction patterns
It enhances proactive mitigation.
KYC+AML findings are shared with payment aggregators during onboarding. Merchants failing gateway-imposed KYC are blocked from connecting.
PAYOTRIX prohibits merchants from circumventing sanctions by using proxies or alternate identities. Detection leads to immediate termination and reporting.
Special monitoring for merchants facilitating multi-jurisdiction transactions. Alerts are triggered based on:
High volumes from blacklisted geographies
Structured transactions via multiple gateway tokens
This Policy is reviewed semi-annually, or upon major regulatory updates by RBI, FATF, or global AML bodies. The updated policy is published and notified to users.
All PAYOTRIX employees with system access are background-checked and sign confidentiality and compliance agreements before onboarding.
PAYOTRIX maintains a hierarchical compliance team:
Chief Compliance Officer (CCO) – oversight and policy updates
KYC Officers – merchant verification
Risk Analysts – transaction monitoring
This ensures accountability and continuous improvement.
Violations of KYC/AML may result in:
Suspension without notice
Financial penalties
Reporting to authorities
Permanent denial of services
On account termination, KYC and compliance records are archived securely and retained for regulatory retention periods. They are not accessible to users but are provided to legal authorities when required.
Merchants may contest AML/KYC decisions within 15 days by submitting new evidence. Appeal submissions are reviewed by senior compliance staff within 10 business days.
This KYC/AML Policy is consistent with:
Privacy Policy
Terms & Conditions
Dispute/Grievance Policies
In case of conflict, the stricter provision will apply.
Merchants must:
Promptly notify PAYOTRIX of changes in business structure, ownership, or control
Ensure submitted documents are updated and accurate
Cooperate during audits, investigations, or licensing procedures
Failure to cooperate may lead to account suspension.
PAYOTRIX provides merchants with documentation and guidance on:
KYC process
AML obligations
Transaction monitoring expectations
Training materials are available via the dashboard knowledge base.
PAYOTRIX reserves the right to amend this KYC/AML Policy without prior notice in response to regulatory changes or internal risk assessment. Users are responsible for reviewing this page periodically.
