Anti-Money Laundering Policy and Know Your Customer Policy

The primary goal of this Policy is to protect Delta Exchange India (“Company”) and its Users by establishing a robust framework to detect and prevent Financial Crime. The Company is committed to complying with the Prevention of Money Laundering Act, 2002 (“PMLA”) read with PMLA (Maintenance of Records) Rules, 2005 (“PMLR”), Unlawful Activities Prevention Act, 1967 (“UAPA”) and in each case, its underlying rules and regulations, and all other applicable laws for the time being in force within the territory of India (“Financial Crime”), to ensure its platform is not used for money laundering or terrorism financing or any other illegal activity, even unintentionally. This document sets its minimum standards for verifying identities and monitoring transactions to maintain a safe, legal trading environment. By adhering to these rules, the Company ensures compliance with all applicable Indian laws and regulations. The Company also strives to fully extend its full cooperation to the Indian regulatory authorities possible.

This Policy applies to all Users, the Company, and its employees to ensure a safe trading environment. It covers every transaction, interaction, or service provided through the Company’s digital platforms. The Company monitors activities on the Platform using a risk-based approach to detect and prevent Financial Crime. By accessing its services, the User agrees to comply with these standards, as they are an essential and binding part of the relationship.

The Company’s compliance framework is managed by a structured team of designated personnel who ensure platform integrity through rigorous oversight and action. These individuals are responsible for reviewing suspicious activity, including any transactions undertaken by a User, filing required reports with the FIU-IND, and maintaining seamless communication with government agencies. Beyond reporting, they set risk-based metrics, conduct internal training, and ensure that all necessary KYC documentation is collected across departments. While the Company may maintain services during a review, these officers have the sole discretion to implement enhanced security measures, including but not limited to deboarding Users, partial or complete blocking of user accounts and any other necessary steps required to prevent financial crime. Any significant policy breaches are escalated directly to the Board of Directors to ensure total regulatory transparency and accountability.

The Company identifies its customers by performing due diligence by verifying their identity using official documents, sometimes with the help of trusted third-party service providers like identity verification experts. To keep the platform safe, the Company monitors transactions for suspicious indicators. This includes but is not limited to transactions that may be linked to terrorist financing or involve suspected laundered funds. When such indicators are triggered, the Company first obtains all requisite information from the user as part of its investigation. The Company then analyses the information and based on the outcome, files Suspicious Transaction Reports (“STRs”) with the Financial Intelligence Unit (“FIU-IND”), where required. If the Company detects such activity, it is legally required to immediately report it to the FIU-IND.

5.1

To comply with the applicable Indian laws and guidelines as issued by the FIU-IND and under the PMLA, KYC norms, etc., the Company performs requisite due diligence, which includes but is not limited to verification of onboarding KYC data, periodic updation of submitted KYC data submitted by the users and continuous monitoring of user transactions throughout the relationship. While onboarding, the Company must perform mandatory due diligence to verify the User’s identity as per the internal “Client Acceptance” framework. Regardless of whether the User is an individual or representing a business, the User is required to submit valid identification and address documents during the onboarding process. These checks are essential to ensure the Company’s platform remains secure and fully compliant with all governing regulatory guidelines.

5.2

To ensure that the money on its platform comes from legal activities, the Company may ask the User to verify their Source of Funds or their Source of Wealth. This is required for high-value transactions or certain account types or in cases as determined by the Company’s internal risk assessment.

5.3

If the User is a Politically Exposed Person (“PEP”), which includes individuals in prominent public positions, their family members, or close associates, the Company applies Enhanced Due Diligence (“EDD”). This involves a review by its senior management and a request for documents to help the Company understand the source of the User’s funds and overall wealth. These steps are standard industry practice to ensure the highest level of transparency and safety on the platform.

To maintain a secure platform, the Company classifies all Users into Low, Medium, or High-Risk categories based on factors like their background, nature of business, and transaction patterns. These thresholds are determined by the Company’s internal compliance team to ensure that higher-risk accounts receive more frequent and detailed reviews. The Company conducts AML/CFT risk assessments periodically and at least once every six months, or more periodically where required. By using the platform, the User acknowledges that their account may be subject to different levels of monitoring depending on this risk assessment to ensure ongoing compliance with laws of Financial Crime.

To ensure the safety of its platform, the Principal Officer, along with the compliance team, continuously monitors all User activities and transactions. Based on internal risk thresholds as determined by the compliance function, the Company flags and reviews the suspected transactions. If the identified transactions suggest potential money laundering or terror financing, the Principal Officer/Senior Management is legally required to forthwith suspend the activity and file a report with FIU-IND as soon as reasonably possible.

8.1

To ensure compliance with applicable Indian law and data privacy standards, the Company records all User platform activities, including but not limited to transaction details, invoices, fund transfers and correspondence for at least five years from the date of the transaction or the end of the business relationship. Further, the Company never keeps “off-book” records to hide improper payments. The said retention period may be modified in accordance with applicable laws and any amendments. This data is organized so that transactions can be reconstructed if requested by government/law enforcement authorities for legal investigations.

8.2

Also, in accordance with the Digital Personal Data Protection (“DPDP”) Act, the Company handles all User data with strict confidentiality, ensuring it is used only for lawful purposes and protected by robust technical safeguards. Access to User information is restricted to authorized personnel on a “need-to-know” basis, and the Company ensures that data is securely disposed of once the legal retention period expires.

To ensure its records remain accurate and up to date, the Company performs Periodic KYC Updates for all its Users. In accordance with its internal compliance standards, User information and identification documents will be reviewed periodically, based on risk classification, at least once every six months. This ongoing verification ensures that the User’s account remains in good standing and continues to meet the latest regulatory requirements. The Company will notify the User when an update is due, and timely cooperation is essential to maintain uninterrupted access to platform services.

The Company is committed to cooperating with Indian law enforcement Agencies, Court(s) of Law, and regulatory bodies like the FIU-IND. The Company may disclose the AML/CFT information of the User to comply with the ongoing investigation by law enforcement agencies, or to prevent illegal and unethical activities. Additionally, User data may be reviewed during internal audits to ensure the Company’s compliance systems remain effective and secure, strictly in compliance with the laws.

Users must ensure that all submitted information is legitimate and strictly refrain from any activity involving money laundering or illegal financing. The User is responsible for identifying beneficial owners when acting for a legal entity and must provide updated proof of address within six (6) months of any changes. By using the Platform, the User consents to be bound and governed by these terms and any future policy updates made to ensure continued regulatory compliance.

The Company maintains a zero-tolerance approach toward money laundering, bribery, and corruption, which is communicated to all agents, suppliers, and business partners at the start of any relationship. To ensure compliance, all third parties are provided with this Policy, and an undertaking to adhere to its standards is integrated into every contractual agreement. Relevant departments will consistently reiterate these expectations to ensure that all business partners remain aligned with the Company’s legal and ethical obligations.

The Principal Officer, in coordination with Senior Management, is responsible for the ongoing implementation and oversight of this Policy. To ensure continued effectiveness, the Company conducts a formal review of the Policy annually, or on an “as-needed” basis to address operational shifts, or immediately upon any legislative amendments/regulatory changes. The Company reserves the right to update these terms at any time to maintain the highest standards of compliance and platform integrity.

To ensure the safety of its entire ecosystem, the Company carefully vets all third parties it works with, including vendors, agents, and service providers. Before the Company partners with any third party, it conducts due diligence to check their reputation and ensure they have strong anti-money laundering controls in place.

Official notices or communications, including any updates and/or amendments regarding this Policy, will be published directly on the platform. If the User has any questions, concerns, or needs to report suspicious activity, they may reach out to the Compliance Team and/or the designated point of contact: [email protected]

The Company reserves the right to amend, modify, update, or replace this Policy, in whole or in part, at any time, to reflect changes in applicable laws, regulatory requirements, internal controls, or business practices. Such changes shall be effective immediately upon publication on the Platform and may be made without prior notice to Users. Continued use of the Platform after such publication constitutes acceptance of the updated Policy.

This Policy is intended solely for regulatory compliance and internal governance and does not create any rights, benefits, or obligations in favour of any User or third party, except as required under applicable law.

If any part of this Policy is found to be invalid or unenforceable by any law, that specific part will be removed. This will not affect the rest of the Policy, which will remain in full force and effect.

Any failure or delay by the Company in exercising any right, power, or remedy under this Policy shall not constitute a waiver of such right, power, or remedy.

Not withstanding anything contained in this Policy, the Company shall comply with any directions, orders, or requirements issued by applicable regulatory or law enforcement authorities, including FIU-IND, and such directions shall prevail over this Policy to the extent of any inconsistency.

This Policy is published for transparency and informational purposes only and does not constitute legal, tax, financial, or investment advice. Nothing contained in this Policy should be construed as creating any contractual, fiduciary, or advisory relationship between the Company and any User. Users are encouraged to seek independent professional advice where required.