HUMB

AML & KYC Policy

1. Introduction & Purpose

This Anti-Money Laundering and Know Your Customer Policy ("AML & KYC Policy") sets out the principles and procedures adopted by HUMB Exchange ("HUMB", "Company") to prevent money laundering, financing of terrorism, fraud, and misuse of its platform.

This policy establishes HUMB’s framework to identify, verify, monitor, and manage customer risk in compliance with applicable AML/CFT laws and international standards. It applies to all users accessing HUMB’s website (www.humb.io), mobile applications, and related online platforms (collectively, the "Online Platforms").

By using the Online Platforms, users consent to the terms of this AML & KYC Policy and the User Terms and Conditions.

2. Scope

This policy applies to:

  • All individual and corporate customers
  • All products and services offered by HUMB
  • All employees, contractors, and management
  • All transactions, including deposits, withdrawals, and transfers

This policy is to be read together with the User Terms and Conditions and may be updated from time to time. Changes apply prospectively.

3. Legal & Regulatory Framework

This policy is aligned with:

  • FATF Recommendations, including Recommendations 1, 10, 12, 15, 16, and 21
  • Prevention of Money Laundering Act (PMLA), 2002
  • Prevention of Money Laundering Rules, 2005
  • FIU-India AML/CFT Guidelines
  • Applicable international best practices for Virtual Asset Service Providers (VASPs)

4. What is AML (Anti-Money Laundering)?

Anti-Money Laundering refers to controls and procedures designed to prevent the concealment, possession, use, or projection of proceeds derived from criminal activity, including offences under the Prevention of Money Laundering Act, 2002.

5. What is KYC (Know Your Customer)?

Know Your Customer is the process of identifying and verifying a customer’s identity to ensure that services are provided only to legitimate users and to assess the risk of financial crime.

6. AML/CFT Governance Structure

6.1 Board of Directors / Designated Director

  • Approves the AML/CFT policy
  • Oversees overall AML/CFT risk management

6.2 Compliance Officer

  • Responsible for AML/CFT implementation
  • Approves high-risk customers and Enhanced Due Diligence
  • Oversees escalation and reporting of suspicious transactions

6.3 Compliance Team

  • Conducts KYC, EDD, and transaction monitoring reviews
  • Investigates alerts and escalates suspicious cases

6.4 Employees

  • Follow AML/CFT procedures
  • Escalate unusual or suspicious activity

7. Customer Identification & Verification Process

7.1 Account Registration

Customers are required to provide:

  • Full legal name
  • Date of birth
  • Nationality and country of residence
  • Email address and mobile number (OTP verified)
  • Residential address
  • Consent for KYC and AML checks

7.2 KYC Verification

HUMB initiates KYC using Sumsub as the verification service provider. Customers submit:

  • Government-issued identity documents
  • Live selfie or liveness check

Sumsub performs:

  • Document authenticity checks
  • Biometric verification
  • Sanctions, PEP, and adverse media screening
  • Fraud and duplicate account checks

8. KYC Outcomes

KYC verification may result in:

  • Approved – Identity verified and account activated
  • Retry – Customer must resubmit documents
  • Manual Review – Requires compliance assessment
  • Rejected – Verification cannot be completed

9. KYC Information Collected

HUMB may collect, as applicable:

  • Identity documents such as PAN, Aadhaar, passport, driving licence, voter ID, or other government-issued documents
  • Proof of address
  • Biometric verification data
  • Beneficial ownership information for juridical persons
  • Source of Funds and Source of Wealth information for high-risk cases

10. Risk-Based Approach

HUMB applies a risk-based approach whereby:

  • Higher-risk customers and transactions receive enhanced scrutiny
  • Lower-risk customers are subject to standard controls

Risk factors include:

  • Customer type (individual, corporate, PEP)
  • Geography
  • Product and transaction type
  • Wallet and transaction behaviour

11. Customer Due Diligence (CDD)

HUMB performs CDD before onboarding any customer, including:

  • Identity verification
  • Sanctions, PEP, and adverse media screening
  • Risk classification

No customer may transact on the platform without successful completion of CDD.

12. Enhanced Due Diligence (EDD)

EDD is applied to high-risk customers and situations, including:

  • Politically Exposed Persons (PEPs) and related close associates
  • High-risk jurisdictions
  • Unusual or high-value transactions
  • Complex ownership structures

EDD may include:

  • Source of Funds checks
  • Source of Wealth checks
  • Additional documentation and approvals

13. Ongoing Monitoring & Transaction Surveillance

HUMB monitors customer activity to identify suspicious or unusual behaviour, including:

  • Large or unusual transactions
  • Structuring or repeated small transactions
  • Wallets linked to illicit activity or sanctions
  • Transactions inconsistent with the customer profile

Monitoring is supported by automated tools and manual review.

14. Prohibited Activities

Customers must not use HUMB’s services for any prohibited activities, including:

  • Fraud
  • Corruption or bribery
  • Collusion
  • Terrorist financing
  • Criminal conduct
  • Money laundering

HUMB reserves the right to restrict or terminate accounts and report suspicious activity to appropriate authorities.

15. Reporting of Suspicious Transactions

Suspicious activities are escalated internally to the Compliance Officer / MLRO for assessment. Customers are not informed of such assessments to comply with no-tipping-off requirements.

16. Record Keeping & Data Retention

HUMB maintains records of:

  • Customer identification and KYC documents
  • Transaction data
  • AML alerts and investigations

Records are retained for a minimum of five (5) years after the end of the customer relationship.

17. Data Privacy & Security Measures

  • Customer data is stored securely
  • Access is restricted on a need-to-know basis
  • AML/CFT information is treated as confidential

18. User Responsibilities

Users are responsible for:

  • Providing accurate and up-to-date information
  • Submitting valid documents belonging to them
  • Updating address and identity details when required
  • Not engaging in prohibited activities

19. Non-Compliance & Account Restrictions

Failure to follow through by this guideline could lead to:

  • Account restrictions or termination
  • Internal escalation and reporting to competent authorities

20. Training & Awareness

HUMB provides AML/CFT training:

  • At onboarding
  • Periodically
  • When regulatory or internal process changes occur

21. Independent Review & Audit

AML/CFT controls are subject to periodic internal or external review. The Board and senior management are informed of the findings.

22. Policy Updates & Amendments

This policy is reviewed:

  • Annually
  • Upon regulatory updates
  • Upon material changes in business or risk profile

All updates require approval from designated oversight.

23. Disclaimer

This AML & KYC Policy is published for compliance and informational purposes only and does not constitute legal advice or imply regulatory approval.