Logo

AML Policy

INTRODUCTION

We, Purple Pixel Private Limited, ("We", "Us" or "Our") actively endeavor to detect, highlight and report transactions or activities associated with money laundering and the financing of terrorism. We have implemented this Know Your Customer-Anti Money-Laundering Policy ("KYC-AML Policy") to provide a structured mechanism for onboarding Users ("User", "Customer", "You" or "Client") to our platform and for the provision of services. This KYC-AML Policy also outlines the methods and strategies to assess and manage risks associated with each Client and transaction.

We abide by directives from Law Enforcement Agencies and Courts and will comply with their orders relating to reporting suspicious accounts or transactions and sharing identity details, KYC documents, transaction records, and other information of specified users.

This KYC-AML Policy sets out obligations under the:

  1. Prevention of Money Laundering Act, 2002 ("PMLA")
  2. Prevention of Money Laundering (Maintenance of Records) Rules, 2005 ("PML Rules")
  3. Unlawful Activities (Prevention) Act, 1967 ("UAPA")
  4. The Weapons of Mass Destruction and Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 ("WMDA")
  5. Anti-Money Laundering and Countering the Financing of Terrorism Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets published by the Financial Intelligence Unit – India ("FIU-IND Guidelines") (Collectively referred to as the "AML Framework")

We reserve the right, at our sole discretion, to modify, amend, add or remove portions of this KYC-AML Policy at any time without prior written notice. It is Your responsibility to review this KYC-AML Policy periodically for updates or changes. Your continued use of the Online Platform following any modification of the KYC-AML Policy will constitute acceptance of this KYC-AML Policy and any changes made to it.

You hereby expressly consent to Our continuous monitoring and collection of information and data related to Your activities on Our Online Platform for the purpose of this KYC-AML Policy and to maintain compliance with the reporting standards required by applicable laws.

DEFINITIONS

  1. "Applicable Law" shall mean any applicable statute, law, regulation, ordinance, rule, judgment, order, decree, by-law, approval from concerned authority, government resolution, directive, guideline, policy, requirement, or other circulars or notifications from any competent government or statutory body.

  2. "Computer Resource" shall have the same meaning as ascribed to it in Section 2(1)(k) of Information Technology Act, 2000.

  3. "Crypto" or "VDA" shall mean and refer to virtual digital assets as defined under Section 2(47A) of the Income Tax Act, 1961.

  4. "Customer"/"User"/"You"/"Client" shall mean any Person availing our Services through the Online Platform.

  5. "Person" includes— a. an individual, b. a Hindu undivided family, c. a company, d. a firm, e. an association of persons or a body of individuals, whether incorporated or not, f. every artificial juridical person not falling within any of the preceding sub-clauses, and g. any agency, office or branch or entity owned or controlled by any of the above persons mentioned in the preceding sub-clauses.

  6. "Client due diligence" or "CDD" means due diligence carried out on a Client. CDD involves identifying the Client and verifying their identity by using reliable, independent sources of documents, data, or information and ascertaining the true beneficial owner of the Client entity.

  7. "Cyber security incident" is a real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorized access, denial of service or disruption, unauthorized use of Computer Resource for processing or storage of information or changes to data, information without authorization.

  8. "Officially Valid Document/OVD" means the passport, the driving license, proof of possession of an Aadhaar Number or the voter's identity card issued by the Election Commission of India.

  9. "Politically Exposed Person" (PEP) is a person who is authorized to perform prominent public functions in a country and includes governors of the state, members of Parliament, military officers, senior government and judicial executives, and heads of local bodies such as municipal corporations, among others. You could also qualify as a PEP if You are a family member or a close relative of such an individual.

  10. "Provision of Services" or "Services" shall mean any one or more than one of the following: (i) exchange between virtual digital assets and fiat currencies; or/and (ii) exchange between one or more forms of virtual digital assets; or/and (iii) transfer of virtual digital assets; or/and (iv) safekeeping or administration of virtual digital assets or instruments enabling control over virtual digital assets.

  11. "Suspicious Transaction" means a transaction, including an attempted transaction on the Platform, whether or not made using fiat currency, which under Our sole discretion: a. gives rise to a reasonable ground of suspicion that it may involve proceeds of a crime/an offence, regardless of the value involved; or b. appears to be made in circumstances of unusual or unjustified complexity or in contravention of any Applicable Law; or c. appears to have no economic rationale or bona fide purpose; or d. gives rise to a reasonable ground of suspicion that it may involve financing activities relating to terrorism. Terrorism includes transactions involving funds suspected to be linked or related to or to be used for terrorism, terrorist acts, or by a terrorist, terrorist organization, or those who finance or are attempting to finance terrorism.

CUSTOMER IDENTIFICATION AND VERIFICATION

We have implemented robust procedures to ensure we know with whom we are conducting business. Our identity verification process requires Users to provide reliable, independent source documents, data or information (e.g., national ID, international passport, bank statement, utility bill).

For such purposes, We reserve the right to collect User's identification information and take the following steps:

  1. Document Verification: Any Indian resident can open an Account with Us by providing the following documents:

    • Permanent Account Number (PAN) given by Income Tax Authorities
    • Documents for identification and proof of residence (only OVDs)
    • Live selfie from the camera
    • Other KYC documents as required to conduct CDD measures

  2. Verification Process: We utilize DigiLocker for secure verification of identification documents and to ensure the authenticity of government-issued IDs. This integration provides secure access to authentic digital documents, reducing the risk of fraudulent submissions during the KYC process.

  3. Additional Verification: We will, ourselves or through any third party, verify the information submitted by the Customers through technology tools and/or through any other independent source of information before onboarding a customer. Users will be required to verify their email address and mobile number through one-time password (OTP).

  4. Account Activation: The User's Account with Us will only be made operational for the User to avail our Services when such documents and information as mentioned above are provided by the User to Our satisfaction.

  5. Post-KYC Requirements: Post the account opening process, the User would be required to add and verify their bank account/UPI ID for making INR deposits/withdrawals.

Exclusion of Corporate Onboarding:
As part of our business model and risk-based approach, the entity currently serves only retail (individual) customers and does not onboard corporate or institutional clients. Accordingly, the following are not applicable at this time:

  • Identification and verification of corporate entities
  • Collection of constitutional/incorporation documents
  • Identification and verification of directors, beneficial owners, or related parties of legal persons

Should the company’s customer base expand in the future to include corporate clients, the AML/CFT program and policy will be updated to include appropriate procedures for legal entity onboarding in accordance with applicable regulations.

RISK MANAGEMENT AND ASSESSMENT

We follow a risk-based approach to categorize Users under low, medium, and high-risk categories, based on assessment and risk perception. This approach ensures our preventative measures are commensurate with identified risks, allowing resources to be allocated efficiently with the greatest risks receiving the highest attention.

We prepare the profile of the customer which should contain User's information relating to the customer's identity and other factors to determine the risk involved on the basis of parameters including but not limited to:

  1. Social/financial status
  2. The nature, scale, diversity and complexity of their business
  3. Deposits from multiple bank accounts or UPI IDs
  4. Withdrawals to multiple bank accounts
  5. Very frequent deposits or withdrawals
  6. Deposits and withdrawals without performing any trades
  7. Adverse media screening
  8. Politically exposed person screening
  9. The number of customers already identified as high risk
  10. The jurisdictions the entity is exposed to, especially jurisdictions with relatively higher levels of corruption or organized crime, and/or deficient AML/CFT controls and listed by RBI or FATF

A customer is classified as high risk when one or more of the following risk factors are present:

  • Politically Exposed Persons (PEPs)
  • Adverse Media: Negative, Negative news, legal cases, or public association with financial crime or fraud
  • Sanctioned or High-Risk Jurisdictions
  • Anomalous Trading Patterns: High volume transactions inconsistent with the declared source of funds or occupation
  • Rapid Movement of Funds
  • Unverifiable source of funds
  • Use of VPNs, proxies, or TOR networks to obscure origin

No User shall be informed of the risk category they are assigned, and no such confidential information shall be disclosed to the User which can tip them off to evade transacting.

KYC Re-Verification

As part of our risk-based approach, we conduct periodic KYC reviews and re-verification of customer identity documentation and information to ensure continued accuracy and compliance with regulatory expectations.

The frequency of these reviews is based on the customer's assigned risk level:

Risk Rating Review Frequency Notes
Low Risk Every 2 Years stable, verified identity and no unusual activity
Medium Risk Every 1 Year Customers with moderate transaction volumes or behavioral flags
High Risk Every 6 Months PEPs, adverse media hits, behavioural anomalies, or high-volume traders

Additional re-verification may be triggered under the following conditions:

  • Change in customer behavior or transaction pattern
  • Triggered by internal monitoring alerts or adverse media screening
  • At the discretion of the Compliance Team
  • Regulatory mandate or supervisory instruction

SANCTIONS AND PEP SCREENING

We use HyperVerge platform, a reputable third-party service provider, for enhanced PEP and AML screening of our users. This helps identify politically exposed persons and individuals on sanction lists to ensure compliance with global regulations.

For blockchain address screening, we utilize Chainalysis to monitor and evaluate the risk associated with digital wallet addresses. This screening occurs:

  1. During deposit/withdrawal process when users register their wallet addresses
  2. When reviewing any suspicious transaction patterns
  3. Through periodic re-screening of all wallet addresses in our database

We will put any deposit or withdrawal requests on hold or block any such requests if the digital wallet involved is indicated as high risk in the sanction screening tool used by Us.

Name Screening Practices

We conducts comprehensive name screening as part of both initial onboarding and ongoing monitoring to identify sanctioned individuals, Politically Exposed Persons (PEPs), and persons with adverse media presence.

(a) Ongoing Screening

We conduct ongoing name screening of all customers against:

  • Sanctions lists (e.g., UNSC, OFAC, FIU)
  • PEP databases
  • Watchlists and law enforcement lists

This is done:

  • At onboarding before account activation
  • Periodically through automated checks against updated lists
  • Upon material changes to customer information

(b) Adverse Media Screening

We screen customers against adverse media sources at onboarding and on an ongoing basis. This includes:

  • Automated screening of global news databases and watchlists
  • Checks for involvement in fraud, financial crime, terrorism, or other illicit activity

Adverse media hits are escalated to the Compliance Officer for review and potential Enhanced Due Diligence (EDD).

(c) Re-screening on Change in Corporate Ownership

Not Applicable — We currently do not onboard corporate clients, so there is no corporate ownership structure to monitor or re-screen.

ENHANCED DUE DILIGENCE (EDD)

If we identify any risk in the transaction undertaken depicting complex or unusual patterns which have no apparent economic or lawful purpose or risk associated with an account with Us which might be due to User's background or association with PEPs, We shall undertake Enhanced Due Diligence ("EDD").

Steps under EDD shall include but will not be limited to:

  1. Submission of additional information and documentation by User e.g., bank statements or other financial records for verifying the source of funds
  2. Undertake additional background checks and research to validate the true identity of a User
  3. Seeking clarification justification relating to a particular transaction or series of transactions or other User activities
  4. Implement application of additional measures to know the customer's source of funds like gathering information from publicly available sources or otherwise
  5. We may call or email to the user seeking further details of the source of the funds of the customer
  6. Conducting in-person visits, if required

Senior Management Approval:

  • Onboarding or continued engagement with a known PEP requires explicit approval from Senior Management.
  • The compliance team prepares a detailed risk assessment and EDD documentation before escalation.
  • Senior Management reviews the risk profile, source of funds, and transaction purpose before approving or rejecting the relationship.

DEPOSIT / WITHDRAWAL POLICY

Crypto Deposits

You understand and undertake that you can only deposit VDAs which are owned by You as the beneficial owner to your digital wallet on our Online Platforms. You represent that the account or wallet address used to deposit Digital Assets on Our Online Platform belongs to you and is under your exclusive control and ownership. You will be required to submit a self-declaration in this regard.

INR Deposits

Users are only allowed to deposit INR using their linked bank accounts and no other bank account or payment method can be used to deposit INR.

Withdrawal Process

We follow a strict procedure while processing any withdrawal requests from the customer to ensure that the funds are sent only to their originating source and beneficial owner. We will review all withdrawal requests from customers and verify that the funds are being withdrawn to the Linked bank account or same wallet address which was used to deposit VDAs.

In case there is a difference in the details of bank account / wallet address used at the time of deposit and provided in the withdrawal request, further details and clarifications will be required to ensure that withdrawal is being sent to the originating source or to a digital wallet under the control and ownership of the User.

TRAVEL RULE COMPLIANCE

To comply with the Travel Rule requirements, wherein the originator information needs to be shared with the counterparty exchange in case of withdrawal of VDA by the User, We shall reach out to the User to obtain additional information, in line with the AML Framework.

We will require and capture at least the following details of the originator and the beneficiary:

  1. Originator's name and PAN number or National identity number
  2. Originator's wallet address
  3. Originator's verified address as per KYC
  4. Beneficiary's Name and wallet address
  5. Beneficiary's verified address (through KYC process), unless the beneficiary is the same as the originator or the Beneficiary's wallet is hosted with a FIU registered VASP

RECORD KEEPING

We shall collect and maintain records, in the form of books or stored in a computer, of Your identity proof along with all documents and information provided by You and of all the transactions undertaken by You on the Platform, as required under the Applicable Laws/good industry practices.

We shall maintain and report to Authorities, the records of:

  1. The KYC details, documents, and data of all Users who open a User Account on the Platform
  2. The KYC details, documents, and data of all Users who undertake a transaction on the Platform
  3. Your transactions on the Platform

User's CDD records and documents (including transactions) will be kept for at least 5 years after the business relationship has ended. We shall make available the identification records and transaction data to the authorities upon request.

EMPLOYEE TRAINING

Adequate screening mechanisms as an integral part of our personnel recruitment/hiring process shall be put in place to ensure high standards and equal and fair opportunity when hiring employees.

Employee training programs are put in place so that the members of concerned staff are adequately trained in KYC/AML/CFT policy. The training covers key aspects of identifying suspicious transactions, using our screening tools (Chainalysis, DigiLocker, and HyperVerge), understanding regulatory requirements, and following internal protocols.

The focus of the training is tailored for different roles - frontline staff, compliance staff, risk management staff, audit staff, and staff dealing with new customers. The front desk staff is trained to handle issues arising from a lack of customer education. The AML training frequency is every 6 months.

TRANSACTION MONITORING

Our transaction monitoring system uses predefined rules, behavioral thresholds, and customer risk profiles to automatically flag transactions that may warrant further investigation.

Transaction Volume Thresholds:

  • Cumulative daily, weekly, and monthly transaction limits.
  • Sudden spikes in transaction volume relative to historical behavior.

Round-Tripping or Layering Patterns:

  • Rapid inflow and outflow of crypto assets or fiat.
  • Repeated conversions between tokens with no economic rationale.

High-Risk Asset or Address Interactions:

  • Use of privacy coins or mixing services.
  • Transactions to/from high-risk wallets flagged by third-party tools.

Behavioral Anomalies:

  • Unusual transaction times (e.g., late night bulk trades).
  • New device logins followed by immediate large transactions.

Geographic Risk:

  • Transactions involving jurisdictions known for high ML/TF risk or sanctions.

Monitoring Workflow & Escalation Process

  1. Real-Time Alert Generation:
    • Transactions breaching set thresholds or matching suspicious patterns generate alerts automatically.
  2. Initial Review (Level 1):
    • The compliance operations team performs an initial review of flagged transactions.
    • This involves reviewing KYC data, past activity, and transaction context.
  3. Detailed Investigation (Level 2):
    • If concerns persist, the case is escalated to a senior compliance officer for deeper investigation.
    • Additional information may be requested from the customer (e.g., source of funds).
  4. Decision and Escalation:
    • Based on the investigation:
      • Transaction may be allowed, blocked, or reversed.
      • Customer account may be temporarily suspended pending further review.
      • If a transaction appears suspicious and meets reporting criteria, an STR (Suspicious Transaction Report) is prepared.
  5. Reporting to Authorities:
    • STRs are submitted to the Financial Intelligence Unit – India (FIU-IND) in accordance with statutory guidelines.
  6. Periodic Review and Tuning:
    • Rules and thresholds are periodically updated based on evolving risk typologies, audit findings, and regulatory updates.

STR / SAR

We have a formal STR/SAR handling policy aligned with the regulatory requirements of the Financial Intelligence Unit – India (FIU-IND) under the Prevention of Money Laundering Act (PMLA), 2002. The process involves identification, escalation, investigation, decision-making, and timely reporting of suspicious transactions.

1. Detection of Suspicious Activity

Suspicious transactions are detected through:

  • Automated transaction monitoring alerts based on pre-defined rules (volume anomalies, structuring, high-risk wallets, etc.)

  • Manual escalations from customer support, operations, or other departments

  • Red flags raised during onboarding, account behavior monitoring, or upon receiving adverse media hits

2. Initial Review & Escalation

  • All alerts are first reviewed by the Level 1 Compliance Analyst.
  • If suspicion persists, the case is escalated to the Compliance Officer
  • Additional checks are performed, including customer profile review, KYC verification, behavioral analysis, and blockchain tracing (if applicable).

3. Investigation and Documentation

  • A detailed internal investigation is conducted using:
    • KYC records
    • Transaction logs
    • Communications with the customer (if applicable)
    • Blockchain analytics (via third-party tools)
  • A case file is maintained including investigation notes, evidence, screenshots, and risk rationale.

4. STR Filing Decision

  • The final decision to file an STR rests with the CO.
  • The decision is guided by whether there is reasonable suspicion of:
    • Money laundering
    • Terrorist financing
    • Use of the platform for illegal or fraudulent purposes

5. Filing of STR with FIU-IND

  • If an STR is warranted:
    • It is filed electronically via the FINnet gateway of FIU-IND.
    • The report includes all mandatory details as prescribed under FIU guidelines (customer details, transaction data, risk narrative, etc.).
    • The filing is kept confidential, and no communication is made to the customer.

6. Post-Filing Obligations

  • A record of the STR filing and investigation is retained securely for at least 5 years.
  • STR trends and high-risk indicators are fed back into the TM rule calibration process.
  • Regular audits are conducted to ensure policy compliance and process effectiveness.

Confidentiality

As per Indian law, all STR-related information is handled with strict confidentiality, and internal access is restricted to designated compliance officers and senior management.

COMPLIANCE OFFICER

We have designated a Compliance Officer whose duty is to ensure the effective implementation and enforcement of the AML/KYC Policy. It is the Compliance Officer's responsibility to supervise all aspects of Our anti-money laundering and counter-terrorist financing efforts, including but not limited to:

  1. Collecting Users' identification information
  2. Establishing and updating internal policies and procedures for compliance
  3. Monitoring transactions and investigating any significant deviations from normal activity
  4. Implementing a records management system for appropriate storage and retrieval of documents
  5. Updating risk assessment regularly
  6. Providing law enforcement with information as required under the applicable laws and regulations

The Compliance Officer is entitled to interact with law enforcement agencies involved in prevention of money laundering, terrorist financing and other illegal activity.

CONCLUDING PROVISIONS

We have made every effort to ensure that this Policy adheres to the applicable laws. The invalidity or unenforceability of any part of this Policy shall not prejudice or affect the validity or enforceability of the remainder of this Policy. This Policy does not apply to any information other than the information collected by Us through the Platform.

feoLogo

Company

Support CenterTerms of UsePrivacy PolicyAML PolicyCookie Policy

Products

Spot TradingFeo pay
Easy Swap
Buy / Sell

Community

The information provided here is for general informational purposes and does not constitute investment advice, nor does it recommend or solicit buying, selling, or holding any VDA/CryptoAsset or engaging in specific trading strategies. Feo stands firm in its policy to abstain from any actions intended to manipulate the price of specific VDA/CryptoAssets, whether to increase or decrease their value. Certain crypto products and markets operate without regulation, potentially leaving users without the protection typically afforded by government compensation or regulatory safeguards. The volatile characteristics inherent in crypto-asset markets can result in the loss of funds. Tax obligations may apply to returns and value increases of your VDA/CryptoAsset; seek independent tax advice for your specific situation.
Charts powered by TradingView © 2025 Purple Pixel Pvt Ltd. All rights reserved.