Scope and Applicability

This Know Your Customer (KYC) and Anti-Money Laundering (AML) policy governs Asha777's implementation of identity verification, ongoing monitoring, and related reporting obligations for all users of the platform. It applies to prospective applicants, registered customers, and any person who uses or seeks to use the services offered by Asha777, including all payment methods and account activities.

Regulatory Foundation

Asha777 applies a risk-based approach aligned with recognized standards for anti-money laundering and countering the financing of terrorism. The policy supports compliance with applicable data protection laws and the licensing framework under which Asha777 operates. Personal data collected under this policy is processed solely for onboarding, due diligence, ongoing monitoring, and regulatory reporting, and is handled by the designated data controller within secure systems.

Evidence-Based Risk Framework

Risk assessment is conducted on a rolling basis and classifies risk across three domains:

  • Country/Geographic risk: jurisdictions identified as high risk, with sanctions, or lacking robust AML/CFT regimes;
  • Customer risk: factors including age verification, political exposure, beneficial ownership, and documented business activity;
  • Transaction risk: unusual or high-volume activity, rapid changes in funding sources, or use of multiple devices or payment methods.

Onboarding and Standard Verification

Standard verification is triggered by objective thresholds or risk indicators and requires submission of verifiable information and documents. The documents may include, but are not limited to:

  • Government-issued identification showing full name and date of birth;
  • Proof of residential address dated within the last three months (e.g., utility bill, bank statement);
  • Payment method verification evidence (e.g., a photo of the payment card, with the cardholder name visible);
  • A recent photograph of the user holding the identification document, where required by compliance checks;
  • Additional documents as reasonably requested by the compliance team (for example, bank statements or official correspondence to confirm address).

On completion, data is processed and retained in accordance with applicable data protection laws. If live verification is required, the user will be contacted to schedule a session through secure channels.

Thresholds and Triggers for Verification

The aggregate value of transactions conducted on the platform that reaches or exceeds USD 1,000 triggers standard verification, together with any other indicators of risk or unusual activity. Verification decisions are documented, with results communicated to the user through secure channels. Failure to complete verification may result in restricted access to certain features or the suspension of account activity until compliance requirements are satisfied.

Enhanced Due Diligence (EDD)

EDD is applied where there is significant risk identified due to geography, customer profile, or transaction patterns. Additional requirements may include:

  • Source of wealth and source of funds documentation (e.g., employment income, tax records, bank statements);
  • Verification of beneficial ownership and business activities where applicable;
  • Senior management review and final verification decision;
  • Regulatory reporting or escalation to authorities as required by law.

Ongoing Monitoring and Suspicious Activity

All account activity is subject to continuous monitoring for suspicious patterns. Indicators may include, but are not limited to:

  • Excessive or irregular depositing activity;
  • Frequent changes of payment methods or devices within short timeframes;
  • Use of multiple devices, IP addresses, or geolocations inconsistent with declared residency;
  • Refusal to complete verification or to provide required information;
  • Unusual transaction sequences or attempts to obscure origin or destination of funds.

When suspicious activity is identified, the compliance team will evaluate the risk and may restrict access, request further verification, or report to appropriate authorities in accordance with applicable law.

Transactions Monitoring: Deposits and Withdrawals

Transactions must comply with identity and ownership controls. Rules include:

  • The name on a payment card or funding instrument must match the account holder’s registered name;
  • Electronic wallets or funding accounts linked to the platform must use the same registered email address as the account holder;
  • Deposits from devices or instruments that cannot be reliably linked to the account may be blocked; withdrawals should be made to a verified instrument or to a method that can be reliably traced to the user;
  • The platform does not process anonymous crowdfunding, unverified payments, or withdrawals to third-party accounts without appropriate verification.

All withdrawal flows are designed to ensure that funds are returned to the original funding source where possible, subject to verification outcomes and regulatory requirements.

Record-Keeping and Data Retention

All KYC files, supporting documents, and transaction records are retained for a minimum of eight (8) years from account activity or closure, in accordance with applicable law and licensing requirements. Records are maintained securely and are accessible to authorized personnel for compliance reviews and to regulators as required. Data processing complies with GDPR and equivalent data protection regimes applicable to the jurisdiction of operation.

Data Security and Confidentiality

Personal data collected under this policy is treated as strictly confidential. Access is restricted to appropriately designated personnel, and data is stored and transmitted using industry-standard security controls, including encryption at rest and in transit, with regular access audits and breach response procedures.

Amendments and Communications

Asha777 may amend this policy at any time. Material changes will be communicated through secure in-platform notices and, where appropriate, additional channels. Continued use of the platform after notification constitutes acceptance of the revised policy.

Governing Law and Compliance

This policy is governed by the applicable licensing regime and the laws relevant to financial crime prevention within the jurisdiction of operation. Asha777 reserves the right to take any action permitted by law to ensure compliance, including reporting to regulatory authorities when warranted by the circumstances.