BitRupi Compliance Policy

The following policy document is meant to familiarize the reader with BitRupi’s compliance policy (KYC, AML, ATF/CFT and tax regulation).

Definitions

A ‘customer’ is defined as :

a person or entity that maintains an account with BitRupi; one whose wallet address is used to login on BitRupi; one on whose behalf the account is maintained (i.e. the beneficial owner), and beneficiaries of transactions conducted by professional intermediaries, such as Stock Brokers, Chartered Accountants, Solicitors etc. as permitted under the law

BitRupi refers to a product brand wholly owned by Timechain Labs Private Limited for now, but may in future become incorporated on its own and legally separate from Timechain Labs. BitRupi is a non-custodial top-up provider that aims to solve the liquidity problem pertaining to certain select enterprise utility blockchain tokens. Non-custodial here refers to the fact that the customer owns their wallet encryption keys and is fully in control of the tokens held in their wallet. Token transfers to and from BitRupi wallets are recorded on the BSV blockchain for eternity.

On-ramp refers to the process of buying blockchain tokens offered by Bitrupi in exchange for fiat currency (INR).

Off-ramp refers to the reverse process, i.e., that of exchanging tokens for fiat currency (INR).

Wallet refers to applications that can hold and spend mutually compatible blockchain tokens. Login on BitRupi is allowed only for users of select trusted wallet providers such as NeucroN, Handcash, Moneybutton, Dotwallet and Volt.

KYC or “know your customer” is to be understood as per the definition introduced by the Government of India in the Prevention of Money Laundering Act of 2002.

AML: Anti-money laundering.

ATF/CFT: Anti-terrorism financing or combating financing of terrorism.

Purpose

Blockchain technology holds tremendous potential for positively transforming our society by doing away with the need for a trusted third party and introducing the idea of immutable timestamps. On the other hand, a teeming variety of virtual digital assets derived from a host of blockchains have been used for the purposes of money laundering, terrorism, cyber crimes, human trafficking, trade of illicit substances and other illegal activities. In order to assist governments and law and order agencies, it is incumbent upon us to clearly outline our policy with respect to each customer and their transactions with BitRupi.

The chief objectives of this policy and its implementation are:

guaranteed reasonable privacy as enshrined in the constitution but no anonymity for the customer

flagging suspicious on- and off-ramp transactions

fighting tax evasion

preventing the reintroduction of the proceeds of illegal activities

KYC policy

Customer acceptance policy and due diligence BitRupi is not a cryptocurrency exchange, but rather buys and sells select enterprise utility blockchain tokens on behalf of its customers (for a small service fee) without incurring any profit or loss in the process. BitRupi reserves the right to refuse service to: customers whose names are found on global sanctions and financial crimes watch lists; customers without a valid use case (see AML policy for information on what constitutes a valid use case) for the blockchain tokens being bought, or a legitimate source of earned blockchain tokens (in case of off-ramp usage).

Customer education BitRupi shall seek to keep its customers regularly updated on government regulation and the consequences associated with non-compliance such as in case of say, tax evasion at the time of off-ramp usage.

Customer identification The KYC process shall be in the following order: e-mail/phone verification via OTP and checking if they are the same as provided by the wallet provider address and date of birth is submitted by the user check whether Aadhaar and PAN cards are linked Aadhaar number is masked and stored on database last 3 digits of adhaar mobile number is matched with the phone number entered for verification, and the user is prompted for either updating Aadhaar records of mobile number, or changing the mobile number used for OTP verification in case of a mismatch date of birth from PAN is used to check whether the person is above eighteen years of legal age ‘penny drop’ mechanism to check the validity of bank account details check whether the linked bank account is held by a person of the same legal name as mentioned in Aadhaar and PAN cards

AML and ATF/CFT compliance policy

Limited use case agreement between the customer and BitRupi Businesses and individuals dealing with BitRupi in the capacity of a customer would be required to make a declaration of their anticipated use case and/or source of earned blockchain tokens (such as from a P2E metanet application, among many other possibilities) while accepting the terms and conditions of service. This data shall be saved to their account. Customers that are later on found to be using the blockchain tokens bought via BitRupi for purposes other than those declared and/or offloading tainted tokens to BitRupi would be considered in violation of the policy and are liable to be banned and having their wallets reported.

Following are some of the acceptable use cases: spending/earning blockchain tokens or their derivatives on metanet websites and applications that require micropayments RBI regulation compliant peer-to-peer payments of blockchain tokens or their derivatives to/from other KYC-ed personal/merchant wallets

Digital payments in lieu of illegal products and services would be in complete violation of the agreement.

Transaction limits

BitRupi shall enforce a Rs. 1,00,000 per day per wallet limit on on- and off-ramp transactions. Frequent buying/selling within hours from a single wallet will automatically raise an algorithmic red-flag and the account could be suspended pending inquiry.

Scanning global sanctions and AML/ATF (CFT) lists BitRupi has partnered up with companies that provide screening services with respect to names of individuals and business entities on global blacklists, as well as those that provide blockchain intelligence in order to red-flag suspicious wallets or wallets that have transacted with wallets involved in suspected or proven criminal activity. In all such cases, information shall be conveyed to the FIU and the accounts shall be suspended pending inquiry and a clean chit from authorities.

AML/ATF (CFT) compliance officer A compliance officer shall be appointed from within the organization and the name shared with the relevant authorities. The said executive shall be responsible for updating the compliance policy and implementing it at the earliest; as also employee training and customer education in this regard.

Maintenance of records of transactions All financial transactions (irrespective of amount) shall be recorded and saved at the very least for the period stipulated by the government regulation (five years). Whereas the data pertaining to the transfer of blockchain tokens from and to the floating wallet of BitRupi stays on the blockchain (public ledger) forever, details of fiat (INR) transactions to/from the BitRupi bank account shall be saved and maintained for at least five years.

Reporting suspicious transactions to Financial Intelligence Unit India (FIU-IND) The compliance officer shall be in-charge of monitoring suspicious transactions and sharing the data with the relevant authorities. In addition, they would also be available for consultation on matters of concern. The data would be relayed through secure channels only.

Standard operating procedure in case of red-flags The immediate priority in such cases shall be (in order of importance): sending a quick report to FIU-IND and other relevant authorities sharing information with the wallet provider so that the wallet is frozen compiling a detailed report of all transactions by the customer in question after raising a query with our blockchain intelligence partners

Employee training All new employees at BitRupi shall go through a compulsory training program in order for them to stay abreast with the latest regulations and industry standards.

Tax regulation compliance policy

BitRupi is committed to the Government of India’s latest tax regulations with regards to cryptocurrency transactions. All on- and off-ramp transactions amounting to a sum greater than Rs. 10,000 (or multiple transactions from the same customer in a given financial year amounting to greater than Rs. 50,000) shall attract a 1% TDS which facilitates the reporting of the transaction to the authorities. It shall be the duty of the customer to report and pay 30% tax on profits from off-ramp transactions resulting in profit, or from the sale of net blockchain token earnings from third party Metanet applications.

Since BitRupi does not make any profits from the sale of blockchain tokens (owing to instant buy/sell triggers), BitRupi is not liable to pay the 30% crypto tax on crypto bought and sold by the customers.. However, GST charges shall apply and be paid as per current rules.