Customer Service Policy

1. Introduction

1. Avanti Finance Private Limited (hereinafter referred to as ‘the Company’) has framed the Customer Service Policy (hereafter referred to as “Customer Service Policy” or “the Policy”) in accordance with the regulatory requirements specified by the Reserve Bank of India (RBI).
2. In pursuit of our mission to make financial services accessible and affordable in a timely manner to the un/underserved households, we constantly endeavour to deliver quality services to our users.
3. As a financial inclusion platform, providing quality customer service and ensuring customer satisfaction are of prime importance to Avanti. This Policy document aims at minimizing instances of customer complaint and grievances through proper service delivery, a robust review mechanism and prompt redressal of any customer complaint grievances that still may arise.

‍

2. Objectives of the Policy

The objective of the Customer Service Policy is to ensure all customers are treated fairly and without bias; issues raised by customers are attended and dealt with utmost care and resolved within a reasonable time; customers are made aware of their rights and alternative remedies if they are not satisfied with the response or resolution to their complaint.

‍

3. Categories of Customer’s Communications

1. Query - General inquiries, primarily relating to loans, interest rates, repayment terms, eligibility norms, categories of loans, eligibility criteria, terms of financing / refinancing etc;‍
2. Request – Requests for obtaining any valid services including financing or refinancing support by the customers directly;‍
3. Grievance – A communication by prospective / existing customers that expresses dissatisfaction because of lack of action, inadequate quality of services;‍
4. Complaint – Related to staff misbehaviour, cheating / fraud, false commitments, misconduct with the customers; and‍
5. Suggestion / Feedback – Suggestions / feedback with respect to its operations, policies or practices.

‍

4. Mechanism for Grievance

The customer grievance redressal policy shall adhere to the following principles:

• 1. Customers shall be treated fairly at all times Complaints raised by customers shall be dealt with courtesy and on time. Customers shall be fully informed of avenues to escalate their complaints/ grievances to the organization and their rights to alternative remedy, if they are not fully satisfied with the response of Avanti to their complaints.
  2. Customer can lodge his / her grievance through any of the following channels:
• I. Walk-in at Branch
  1. Each Partner Branch has a complaints register. Any customer is free to walk into the branch and register a complaint in the complaint register.
  2. The Partner will immediately scan the details of the complaints and share it with Avanti along with their inputs on the complaint. Avanti employees or the officer of field monitoring partner team visiting the Partner branch must check the complaints register for any open complaint.
  3. In case of any pending complaints or any discrepancy noted in the registering or closing the complaint(s) the visiting Avanti officer or officer of partner monitoring team should escalate the same to the Partnership team at Avanti Head office.
• II. Remotely
  1. Customers can submit their Complaints through post to the below address by giving full disclosures and details of the complaint and giving specific instances of the cause of complaint:
•          ⇒ Address: Avanti Finance Private Limited, #2727, 2nd Floor, 1st Main Road, HAL 3rd Stage, Ward No. 58 (Old No. 83), New Thippasandra, Bangalore, Bangalore North, Karnataka, India, 560075
• • 1. Customers can also submit their grievances through email at customerservice@avantifinance.in by giving full disclosures and details of the complaint and giving specific instances of the cause of complaint.
    2. Customers can also lodge their complaints and grievance by calling the customer Service contact of Avanti on the toll-free number 1800 309 5021. The timings of Customer Service Contact shall be made available in the branch display.

‍

5. Recording and tracking of Complaints

All the complaints received is recorded and tracked for end-to-end resolution in a spreadsheet format. Complaint MIS is published and shared to the management on quarterly basis for review and feedback.

‍

6. Resolution of Complaints

1. Any complaint through e-mail / letters / walk-in or any other mode shall be acknowledged promptly after receipt, at the Head Office or Partner Branch Offices as and when received;
2. The Complaints shall be registered in the Customer Grievance Register (CGR) maintained electronically and / or physically, and shall include full details of the complainant (name, address and contact details), date of receipt, fact of the complaint, category of complaint etc;

1. The company has appointed Mr. Edwin Samuel (edwin.samuel@avantifinance.in) as its authorized Grievance Redressal Officer (‘GRO’). The GRO will take steps to redress the grievances with care and diligence, normally within the period of 21 working days from the date of receipt of the complaints;

1. If the complainant is not satisfied with the reply / action / resolution given by Grievance Redressal Officer (GRO), the complainant can approach other escalation levels such as -

        ⇒ RBI: Reserve Bank of India: If the complaints/ disputes are not redressed within a period of one month, the customer may appeal to the Officer in Charge of Regional Office of DNBS of RBI. Complete contact details are as below:

            The Reserve Bank of India (RBI), Department of Non-Banking Supervision St. Martha's Hospital, 10/3/8, Nrupathunga Rd, Opp St, Nunegundlapalli, Ambedkar Veedhi, Bengaluru, Karnataka 560001;

1. The Company will acknowledge the receipt of the complaint and will generate a complaint reference number and will ensure that a resolution is provided within prescribed turnaround time (TAT) of 21 working days, not exceeding a period of 30 days across all levels. In the unlikely event of a customer not receiving a response within one month from the date of lodgement of the initial complaint, he/she may approach the NBFC Ombudsman;
2. The details of the NBFC Ombudsman are available as below and also in the Company’s website:

The final communication sent to the customer regarding redressal of the complaint shall mention about the option to the customer to approach the concerned RBI Ombudsman in case he/she is not satisfied with the redressal of the complaint.

‍

7. Tracking and Reporting

1. All complaints will be registered in a central complaints management system of the Company. Complaints will be assigned a unique reference number which will be communicated to the complainant along with an appropriate turnaround time;
2. In case the resolution needs additional time, an interim response shall be sent to the complainant;

1. All complaints shall be monitored at appropriate levels and marked as closed only after resolution of the customer grievance and due communication to customer; and

1. Reports on complaints received and status will be presented to the Board on a quarterly basis.

‍

8. Sensitizing Avanti and Partner employees on handling complaints

1. The Company shall impart training on an ongoing basis to all employees on handling complaints/ redressal of grievances/customer counselling; and

1. The Principal Nodal Officer of the Company shall ensure that internal mechanism for handling complaints/ grievances operates smoothly and efficiently at all levels.

‍

9. Recovery Process

1. The staff shall be trained in proper etiquette for recovery process as elaborated in the Fair Practice Code adopted by the Company.

‍

10. Policy Review and Updates

The implementation of this Policy shall be monitored and reviewed periodically by the Board of the Company.

‍

11. Time Frame

1. The Complaints received will be analyzed from all possible angles. All efforts will be made to resolve each complaint received generally within the stipulated time as per the following escalation matrix:
2. Customer Service Contact (CSC) or Partner engagement manager will address the complaint within 7 working days of receipt of the complaint;
3. Grievance Redressal Officer (GRO) will address the complaint within 21 working days of receipt of the complaint; and
4. There may be some complaints which require deeper analysis from all possible angles which may cause delayed resolution of the complaint. In such cases, the company will try to resolve the grievances at the earliest depending on the nature of the case. Such delay in addressing the complaint beyond the prescribed time limit shall be conveyed to the complainant along with reasons for the same.

‍

12. Reporting to Board of Directors

Summary of the customer grievance reports along with actions initiated would be reported to the Board at least once in a year. The report shall contain information like, the total no. of complaints received, Status of complaints such as closed and open and reason for open complaints thereof, which will be placed before the Board for information / guidance.

‍

13. Regulatory References

1. This policy is framed as per the following regulatory references and in accordance with leading industry practice: Master Direction – Reserve Bank of India (Non-Banking Financial Company –Scale Based Regulation) Directions, 2023
2. Review of the Policy: This Policy shall be reviewed annually.

‍

14. Display format at Branches

1. For any queries, feedback and grievances, clients may please feel free to contact the  Customer Support Service at Toll Free Contact Number 08041689310 between 9.30 to 6 pm on Monday to Friday except on holidays.

The customer feels that He/ She is not getting resolution from the company’s officials, she  can also contact the MFI industry Association / SRO – MFIN and Sa-Dhan. If the complaints/  disputes are not redressed within a period of one month, the borrower may appeal to the  Officer in Charge of Regional Office of DNBS of RBI.

‍

• Avanti Finance Private Limited  

Interest Rate Policy

1.Introduction

Avanti Finance Private Limited (hereinafter referred to as ‘the Company’) has framed the Interest Rate Policy (hereafter referred to as “Interest Rate Policy” or “the Policy”) in accordance with the regulatory requirements specified by the Reserve Bank of India (RBI).

2. Objectives of the Policy

This document aims to establish a framework for determining interest rates, processing charges and other charges. (All charges and rates mentioned herein are exclusive of Goods and Service Tax (GST) or any other applicable tax and the company shall charge and collect such taxes wherever applicable over and above mentioned charges and rates).

3. Methodology for determining an Interest Rate

3.1 The guiding principles for determining interest rate are as follows:

The Board of the company shall adopt an interest rate model taking into account relevant factors such as cost of funds, margin and risk premium and determine the rate of interest to be charged for loans and advances. The rate of interest and the approach for gradations of risk and rationale for charging different rate of interest to different categories of borrowers shall be disclosed to the borrower or customer in the electronic application form and communicated explicitly through electronic means.

The rate of interest shall be arrived at after taking into account relevant factors, such as cost of funds, operating expenses, margin, risk premium etc as detailed below.

● Internal and External Costs of Funds – The rate of interest charged will also be determined depending on the rate at which funds necessary to provide loan facilities to customers are sourced by the Company, normally referred to as internal cost of funds. From an external cost of funds perspective, the benchmark interest rate that may be used by the Company could be the 10 year Government of India bond rate or any other generally acceptable benchmark rate as adjusted for the rating spreads available in the markets.

● Internal Cost Loading – The interest rate charged will also take into account costs of doing business. Factors such as the complexity of the transaction, the size of the transaction and other factors that affect the costs associated with a particular transaction will also be taken into account before arriving at the final rate of interest quoted to a customer.

● Tenor of the Loan – The rate of interest charged will depend on the term of the loan;

● Credit Risk – As a matter of prudence, bad debt provision cost should also be factored into all transactions. This cost is reflected in the final rate of interest quoted to a customer. The amount of bad debt provision applicable to a particular transaction will depend on the credit strength of the customer

● Margin - This is the return expected by the shareholders of the company

● Fixed rate versus Floating rate – The applicable rate of interest shall also be commensurate from the perspective of the fixed versus floating interest rate requirements of the customers.

● Periodicity of Interest – Interest will be charged for the period as stipulated in the loan agreement, subject to any modifications thereto as may be agreed by and between the Company and the customer electronically.

Additionally, the final rate of interest charged to the customer is also dependent on the type of loan product offered to the customer.

3.2 Annualized Interest Rate: The rate of interest communicated to the borrower will be an annualised rate so that the borrower is aware of the exact rates that would be charged to the account

3.3 Ceiling on Interest rate: The Company will ensure that the applicable rate of interest to any borrower shall not exceed the maximum rate by the Company for each product. The interest rate range will be from 12% to 42% per annum.

‍

4. Processing fees and Other charges

Other than interest, the Company may charge some additional financial charges along with relevant taxes. These charges are decided based on various factors like the loan product offered, customer profile / segment, prevalent industry practices etc. The various other charges are

a) Processing Fees

b) Platform Fees

c) NACH bounce charges

d) Late payment charges

e) Pre-payment penalties as applicable. There will be no pre-payment penalties charged for microfinance loans or loans with floating rate of interest

The details of interest rate and other financial charges by the type of loan product are provided in Annexure-I

5. General Provisions

5.1 Communication of Interest Rate to the Customer – The Rate of Interest, Fees and other charges and the method of application thereof will be expressly stated as part of the Key Fact Statement in the Loan Agreement and Sanction Letter. The all inclusive effective annualized interest rate will also be part of the Key Fact Statement. The Company shall provide this information electronically to the borrower in English language along with a vernacular language as chosen by the borrower, The Company shall keep an electronic record of the acceptance of these terms and conditions by the borrower. The apportionment of the equated monthly instalments (“EMI”) amount towards the principal and interest will also be communicated by the Company to the customer / borrower by way of the repayment schedule.

5.2 Changes in Terms – The Company shall give electronic notice to the borrower in English language along with a vernacular language as chosen by the borrowerof any change in the terms and conditions of the loan, including disbursement schedule, interest rates, service charges, prepayment charges etc. Further, any changes in the rate of interest shall be effected only prospectively and the electronic loan agreement shall contain the necessary provisions in this regard.

5.3 Grace Period - Interest will be payable by the customer / borrower on or before the due date stipulated therefore in the loan agreement entered into by the customer / borrower with the Company. However, the Credit Committee of Executives shall have discretionary power to grant a considered grace period to any customer / borrower.

5.4 Moratorium - The Company may consider necessary moratorium for payment of interest and repayment of principal amount with proper built in pricing, on a case to case basis.

5.5 Additional Interest and other Charges - Besides the normal interest, the Company levies additional interest for delays in payment of dues by the customer / borrower or additional interest on other facilities etc (annualised interest on the outstanding balance).

5.6 Waiver of Additional Interest / Financial Charges – Requests by the customer for waiver of additional interest / financial charges would normally not be entertained by the Company and such waiver will be at sole and absolute discretion of the Credit Head or a person of equivalent position, exercised on a case to case basis or any other person that the Board deems fit.

5.7 Pre-Payment - Pre-payment options available to the customer and the penalty / charges payable for exercise of such option shall be mutually agreed to on a case-to-case basis and communicated to the customer. There will be no pre-payment penalty / charges on Microfinance Loans or loans with floating rates of interest.

5.8 Company Website: The rates of interest and the approach for gradation of risks shall be made available on the web-site of the company and literature issued by it. The information published in the website or otherwise published shall be updated whenever there is a change in the rates of interest.

Though the primary mode of all operations, processes or procedures set in this Policy are electronic or digital in nature the company may at its discretion decide to use physical/written means for all or any points covered in this Policy.

6. Regulatory Reference

This policy is framed as per the following regulatory references and in accordance with leading industry practice:

Master Direction – Reserve Bank of India (Non-Banking Financial Company – Scale Based Regulation) Directions, 2023

Master Direction – Reserve Bank of India (Regulatory Framework for Microfinance Loans) Directions, 2022

7. Policy Review and Updates

The implementation of this Policy shall be monitored and reviewed periodically by the Board of the Company.

This Policy was:

(i) drafted on behalf of the Company by: Mr. Nagaraj Subrahmanya, CRO

(ii) internally reviewed by: Mr. Manish Thakkar, COO

(iii) approved by the Board of the Company on: September 12, 2018, Revision 1 on: March 31, 2022, Revision 2 on September 30, 2022, Revision 3 on August 10, 2023, Revision 4 on: August 24, 2024.

This Policy comes into effect from date of Board Approval

Annexure

‍

Other charges:

‍

1. Introduction

Avanti Finance Private Limited (hereinafter referred to as ‘the Company’) strongly believes in conducting all affairs of its constituents in a fair and transparent manner by adopting the highest standards of honesty, inclusiveness, professionalism, integrity and ethical behaviour.

The whistle blower policy (hereinafter referred to as “Whistle Blower Policy” or “Policy”) has been formulated as part of corporate governance norms and transparency where the employees, customers or stakeholders are encouraged to refer any complaints which have not been resolved or satisfactorily resolved within the usual applicable protocols. The employees may refer any complaints covering areas such as corruption, misuse of office, criminal offences, suspected / actual fraud, failure to comply with existing rules and regulations, conflicts of interest, related party transactions and acts resulting in financial loss/ operational risk, loss of reputation, etc.

This Policy shall provide a channel to the employees (including directors) and other stakeholders to report to the management or the board about unethical behaviour, actual or suspected fraud or violation of the Code of Business ethics or legal or regulatory requirements, incorrect or misrepresentation of any financial statements and reports and such other matters.

‍

2. Objectives of the Policy

The key objectives of the Policy are as under:

1. Promote a culture of speaking up / raising red flags on matters relating to breaches/ violations of the Company’s Code of Business ethics or fraudulent transactions.

2. Provide a platform and mechanism for the employees and relevant stakeholders to voice genuine concerns of grievances about unprofessional conduct without the fear of reprisal to the employee raising the concern.

3. Provide a non-threatening environment to employees to discuss matters relating to the Code of Business ethics.

4. Adhere to the highest standards of ethical, moral and legal conduct of business operations.

5. Promote clean business transactions, professionalism, productivity, promptness and transparent practices and ensures putting in place systems and procedures to curb opportunities for corruption.

6. Sustain, strengthen and encourage a culture of integrity & compliance.

7. Institutionalize a mechanism for protection of employees from reprisals or victimization, for whistle blowing in good faith as the Company strictly follows No Retaliation Policy.

8. Provide an assurance to external stakeholders that there is internal cordiality and transparency.

9. Treat the violations / breaches  / non-compliance at various levels of the Company with vigour and due care and accordingly realign processes and take corrective actions as part of its corporate governance.

The Policy shall help the Company to create an environment where employees and relevant stakeholders feel free and secure to raise the alarm where they see a problem. It shall also ensure that whistleblowers are protected from retribution, whether within or outside the Company.

3. Applicability of the Policy

The Policy applies to all the Company’s employees. The Policy shall also apply to any complaints made by other stakeholders of the Company such as outsourced agents, customers and members of public.

‍

4. Governance Structure

The Company has devised an effective whistle blower mechanism enabling stakeholders, including individual employees to freely communicate their concerns about illegal or unethical practices.

4.1 Nominated Director

A Director nominated by the Company’s Board of Directors (or the Audit Committee when legally required to be setup) will review the effectiveness of the vigil mechanism and implementation of the Whistle Blower Policy to provide adequate safeguards against victimization of employees and relevant stakeholders. The details of establishment of vigil mechanism shall be disclosed by the Company on the website, if any, and in the Board’s Report to the stakeholders.

In case of repeated frivolous complaints being filed by a director or an employee, the Audit Committee (when it is formed) or a director to be nominated by the Board (As required under Section 177 of the Companies Act, 2013 read along with Rule 7 of The Companies (Meetings of Board and its Powers) Rules, 2014) shall take suitable action against the concerned director or employee.

4.2 Whistle blowers Committee

The Whistleblower committee (“Whistleblower Committee” / “Committee”) shall comprise of Mr. Rahul Gupta, Mr. Manish Thakkar and Mr. Sunil Kumar Tadepalli and the Quorum of the meeting of the committee shall be 1/3rd of the total members of the committee or 2 members of the committee whichever is higher such that the attendance of the Nominated officer will be mandatory for the meeting.

The Committee shall meet when any complaint is referred by the nominated officer Mr. Rahul Gupta or on a suo moto basis at the discretion of the members of the Committee. The Committee shall institute further investigation / call for additional documentary evidence before submitting its findings on the matter.

The findings of the Whistle Blower Committee shall be suggested to the nominated Director for his / her decision (or the Audit Committee when required to be setup).

‍

5. Scope

This Policy intends to cover serious complaints that could have grave impact on the operations and performance of the business of the Company. Receipt of information about corruption, malpractice or misconduct on the part of employees, from whatever source, would be termed as a complaint. Complaints may be received from any of the following sources:

1. Complaints received from employees of the organisation or from the public
2. Departmental inspection reports
3. Scrutiny of transactions reported under the Code of Business ethics
4. Reports of irregularities in accounts detected in the routine audit of accounts, e.g. tampering with records, over-payments, misappropriation of money or materials, etc.
5. Audit reports of the accounts of the Company
6. Complaints and allegations appearing in the press, etc.
7. Source information, if received verbally from an identifiable source, to be reduced in writing.
8. Intelligence gathered by agencies like CBI, local bodies etc.

Under the Policy, employees and relevant stakeholders of the Company having sufficient grounds for a concern can lodge complaints.

The Policy intends to cover the following types of complaints:

1. Fraudulent activities or activities in which there is suspected fraud
2. Intentional or deliberate non-compliance with laws, regulations and policies
3. Questionable accounting practices including misappropriation of monies
4. Illegal activities
5. Corruption and deception
6. Misuse/ Abuse of authority
7. Violation of the Company’s rules, manipulations and negligence
8. Breach of contract
9. Pilferation of confidential/proprietary information
10. Deliberate violation of law/regulation
11. Wastage/misappropriation of Company’s funds/assets
12. Malpractices/ events) causing danger to public health and safety.

The following nature of complaints shall not be covered in the Policy:

1. Complaints that are frivolous in nature, i.e., without merit or reasonable basis including complaints with mala fide, malicious and/or ulterior motive.
2. Issues relating to personal grievance (increment, promotion, etc.), if not resolved by the mechanism (including Human Resources Department of the Company) in accordance with the Company’s Code of Conduct.

‍

6. Guiding Principles

To ensure that this Policy is adhered to, and to assure that the concerns raised under this Policy will be acted upon seriously, the Company will:

1. Ensure that the Whistle Blower and/or the person processing the Protected Disclosure is not victimized
2. Ensure complete confidentiality of the identity of the Whistle Blower
3. Not attempt to conceal evidence of the Protected Disclosure
4. Take disciplinary action, if anyone destroys or conceals evidence of the Protected Disclosure made/to be made
5. Provide an opportunity of being heard to the persons involved, especially to the Subject
6. Provide protection to Whistle Blower under this Policy provided that Protected Disclosure is made in good faith, the Whistle Blower has reasonable information or documents in support thereof and not for personal gain or animosity against the Subject
7. Take disciplinary action for event covered under this Policy or upon victimizing Whistle Blower or any person processing the Protected Disclosure.
8. Ensure that any other Director/ Employee or other stakeholders assisting in the said investigation or furnishing evidence, is protected to the same extent as the Whistle Blower.

‍

7. Procedure

7.1 Lodging of Complaints

The Protected Disclosure shall be submitted in a closed and secured envelope and shall be super scribed as “Protected disclosure under the Whistle Blower policy”. Alternatively, the same can also be sent through email or any other acceptable mode of communication with the subject “Protected disclosure under the Whistle Blower policy” to a functional email id of the Company who’s access is only with the Whistle Blower Committee. If the complaint is not super scribed and closed as mentioned above, it will not be possible for the Board to protect the Complainant and the protected disclosure will be dealt with as if a normal disclosure.

In order to protect identity of the Complainant, the nominated officer (or designated equivalent officer) will not issue any acknowledgement to the Complainants and they are advised neither to write their name/address on the envelope nor enter into any further correspondence with the nominated officer. The nominated officer shall assure that in case any further clarification is required he will get in touch with the Complainant.

Concerns expressed anonymously are much less persuasive and may hinder investigation as it is more difficult to look into the matter or to ensure protection of the Whistle Blower. Accordingly, Company will consider and investigate anonymous reports, but any concerns expressed or information provided anonymously would be investigated on the basis of the individual merit of each circumstance.

To ensure the anonymity of the Complainant, Company shall ensure that it shall not make any attempt to require the anonymous Complainant to reveal his/her identity, or carry any internal investigation with the sole purpose of tracking the anonymous Complainant.

Anonymous Complainant shall ensure that it submits enough data, details, documents, evidence to substantiate the violation.

The Protected Disclosure shall be forwarded under a covering letter signed by the Complainant. The nominated officer shall detach the covering letter bearing the identity of the Whistle Blower and process only the Protected Disclosure.

All Protected Disclosures shall be addressed to the nominated officer or Director of the Company or to the Audit Committee (when the committee is required to be legally setup).

The Protected Disclosures shall be addressed to the following address: The Nominated officer OR the nominated Director –

Avanti Finance Private Limited

#2727, 2nd Floor,

1st Main Road, HAL 3rd Stage,

Ward No. 58 (Old No. 83),

New Thippasandra, Bangalore,

Bangalore North, Karnataka, India, 560075

E-mail: whistleblower@avantifinance.in

7.2 Receipt of Complaint

On receipt of the Protected Disclosure, the nominated officer shall maintain and preserve records of the Protected Disclosure and also ascertain from the Complainant whether he / she was the person who made the Protected Disclosure or not. The record will include:

1. Brief facts
2. whether the same Protected Disclosure was raised previously on the same Subject and if so, the outcome thereof
3. Details of actions taken by the nominated officer (or equivalent department) or CEO for processing the complaint
4. Findings of the Whistle Blower Committee (or audit committee when the committee is required to be legally setup), the recommendations of the Committee/ other action(s).

An exclusive e-mail ID under the control of the Whistle Blower Committee has been set up to which any wrongful conduct can be reported by any Whistle Blower. The said email id is: - whistleblower@avantifinance.in

The nominated officer will carry out a preliminary analysis as to whether the complaint pertains to wrongful conduct or not or there is a prima-facie case and shall then refer the matter to the Whistle Blower Committee.

The Whistle Blower Committee, if deems fit, may call for further information or particulars from the Complainant.

7.3 Investigation Report

All Protected Disclosures reported under this Policy will be thoroughly investigated by the nominated officer of the Company who will investigate / oversee the investigations under the authorization of the Whistle Blower Policy or audit committee (when the committee is required to be legally setup). The nominated officer may at its discretion consider involving any investigators for the purpose of investigation.

The decision to conduct an investigation taken into a Protected Disclosure by itself is not an acceptance of the accusation by the authority. It is to be treated as a neutral fact-finding process because the outcome of the investigation may or may not support accusation; unless there are compelling reasons not to do so, Subjects will be given reasonable opportunity for hearing their side during the investigation. No allegation of wrongdoing against a Subject shall be considered as maintainable unless there is good evidence in support of the allegation.

The Subject shall have right to access any document/ information for their legitimate need to clarify/ defend themselves in the investigation proceedings.

The nominated officer shall normally complete the investigation within 45 days of the receipt of Protected Disclosure.

Based on a thorough examination of the findings, the nominated officer shall submit a report to the Whistle Blower Committee on a regular basis about all Protected Disclosures referred to him/her since the last report together with the results of investigations, if any.

The Committee shall look into the complaints report prepared by the nominated officer and can suo moto institute further investigation / call for additional documentary evidence before submitting its findings on the matter. The findings of the Whistle Blower Committee shall be suggested to the nominated Director for his / her decision (or the Audit Committee when required to be setup). The findings of the Whistle Blower Committee shall be suggested to the nominated Director for his / her decision (or the Audit Committee when required to be setup).

7.4 Appeal and Decision

If an investigation leads the nominated officer to conclude that an improper or unethical act has been committed which would result in suggested disciplinary action, including dismissal, if applicable; the nominated officer shall recommend to the Whistle Blower Committee of the Company to take such disciplinary or corrective action as he may deem fit. All discussions would be documented and the final report will be recommended by the Whistle Blower Committee and duly approved by the nominated Director.

If the report of investigation is not to the satisfaction of the Complainant, the Complainant has the right to report the event to the appropriate legal or investigating agency. A Complainant who makes false allegations of unethical & improper practices or about alleged wrongful conduct of the Subject shall be subject to appropriate disciplinary action in accordance with the rules, procedures and policies of the Company.

7.5 Confidentiality

Every effort will be made to protect the identity of the Complainant, subject to legal constraints except in cases where the Complainant turns out to be vexatious or frivolous and action has to be initiated against the Complainant. In the event of the identity of the Complainant being disclosed, the nominated officer can initiate appropriate action against the person making such disclosure.

7.6 Protection

The Company, as a policy, condemns any kind of discrimination, harassment, victimization or any other unfair employment practice being adopted against Whistle Blowers. Complete protection will therefore be given to Whistle Blowers against any unfair practice like retaliation, threat or intimidation of termination / suspension of service, disciplinary action, transfer, demotion, refusal of promotion or the like including any direct or indirect use of authority to obstruct the Whistle Blower’s right to continue to perform his duties / functions including making further Protected Disclosure.

A Whistle Blower may report any violation of the above clause to the Whistle Blower Committee or chairman of the audit committee, who shall investigate into the same and recommend suitable action to the Internal Complaint Committee.

‍

8. Record Keeping

All documentation pertaining to the complaint including the investigation report, corrective action taken and evidence will be maintained for a period of 8 years or such other period as specified by any other law in force, whichever is more.

‍

9. Reporting Requirements

The following are the reporting requirements -

1. The details of establishment of vigil mechanism shall be disclosed by the Company on the website, if any, and in the Board’s Report.
2. Whistle Blower Policy, and affirmation that no personnel has been denied access to the Board for reporting actions under the Whistle Blower Policy.

‍

10. Policy Review and Updates

The implementation of this Policy shall be monitored and reviewed annually by the Board of the Company.

This Policy was :

(i) Drafted on the behalf of the Company by : Mr. Nagaraj Subrahmanya, CRO

(ii) Internally reviewed by: Mr. Rahul Gupta, CEO

(iii) Approved by the Board of the Company on : February 14, 2019, Revision 1 on : January 10, 2020, Revision 2 on : March 13, 2023, Revision 3 on : October 31, 2023, Revision 4 on :  November 12, 2024

This Policy comes into effect from the date of Board approval.

‍

11. Definitions

1. Audit Committee: A committee constituted by the Board of Directors of the Company in accordance with Companies Act, 2013.

2. Protected Disclosure: a concern raised by a written communication made in good faith that discloses or demonstrates information that may evidence unethical or improper activity. Protected Disclosures should be factual and not speculative in nature.

3. Subject: a person against or in relation to whom a Protected Disclosure has been made or evidence gathered during the course of an investigation.

4. Whistle Blower/Complainant: an employee making a Protected Disclosure under this Policy. An employee making a disclosure under this process is commonly referred to as a complainant. The complainant is not expected to prove the truth of an allegation, the complainant needs to demonstrate that there are sufficient grounds for concern and expected to provide the complete details/evidences in his possession.

CODE OF CONDUCT

1. SCOPE AND PURPOSE OF THIS CODE

1.1 In this Code of Conduct Policy / Code of Business Ethics (“Code”), “we” or “us” or “our” means Avanti Finance Private Limited (“Company”), and includes our executive directors, officers, employees and those who work with us, as the context may require.

1.2 This Code sets out how we behave with:

(i) our employees, or those who work with us;

(ii) our customers;

(iii) the communities and the environment in which we operate;

(iv) our value-chain partners, including suppliers and service providers, distributors, sales representatives, contractors, channel partners, consultants, intermediaries and agents;

(v) our joint-venture partners or other business associates;

(vi) our financial stakeholders;  and

(vii) the governments of the regions where we operate.

1.3 This Code sets out our expectations of all those who work with us. We also expect those who deal with us to be aware that this Code underpins everything we do, and in order to work with us they need to act in a manner consistent with this Code.

1.4 This Code of Conduct attempts to set forth the guiding principles and values on which the Company’s employees shall operate and conduct its business with its various stakeholders, government and regulatory agencies, media, and anyone else with whom it is connected. The Company recognizes that maintaining the trust and confidence of all its stakeholders is crucial to its continued growth and success. The Code sets the standards to be adopted by all staff and outlines the duties of the directors of the Board and independent directors in Annexure 2.

1.5 This Code applies to following activities undertaken by us:

(i) providing credit services to clients individually or in groups;

(ii) recovery of credit provided to clients;

(iii) collection of thrift from clients, where ever applicable;

(iv) providing insurance and pension services, remittance services or any other products and services permitted under applicable law, that will reduce vulnerability of our clients;

(v) formation of any type of community collectives including self-help groups, joint liability groups and their federations; and

(vi) business development services including marketing of products or services made or extended by the eligible clients or for any other purpose for the welfare and benefit of clients.

‍

2. OUR CORE VALUES

2.1 The core values that underpin the way we conduct our business activities are:

2.1.1 INTEGRITY: We are fair, honest, transparent and ethical in our conduct; everything we do must stand the test of public scrutiny. Our primary mission is to service financially excluded individuals and families by providing them access to financial services, which are client focused, designed to enhance their well-being, and delivered in an ethical, dignified, transparent, equitable and cost-effective manner.

2.1.2 QUALITY OF SERVICE: We are committed to ensure quality services to our clients, appropriate to their needs and delivered efficiently in a convenient and timely manner. While doing so, we agree to maintain high standards of professionalism based on honesty, equality and dedication to serve the poor.

2.1.3 TRANSPARENCY: We shall provide our clients complete and accurate information and educate them about the terms of financial services offered by us such as interest rates and all other charges as well as our policies and procedures in a manner that is understandable by them.

2.1.4 PIONEERING: We will be bold and agile, courageously taking on challenges, using deep customer insight to develop innovative solutions.

2.1.5 PRIVACY OF CLIENT INFORMATION: We will safeguard personal information of clients, only allowing disclosures and exchange of such information to others who are authorised to see it, with the knowledge and consent of clients.

2.1.6 RESPONSIBILITY: We will integrate environmental and social principles in our businesses, ensuring that what comes from the people goes back to the people many times over.

2.1.7 RESPECT AND NON-DISCRIMIINATION: We are committed to treat everyone fairly and with respect and dignity. We recognize and value different skills, strengths, and perspectives of our diverse workforce. We believe that each employee makes a meaningful contribution in its success. We do not discriminate or restrict any applicants in the process of recruitment or employment or any employees on the basis of caste / creed / religion /national origin/political affiliation/ gender / race or ethnicity.

2.1.8 FAIRNESS: We are committed to fairness and objectivity in conducting our dealings with all stakeholders, including customers and employees. Justice and fairness is imbibed in our fabric to ensure procedural fairness, impartiality and consistency in our operations. We treat our employees fairly and ensure that our rewards and recognition policies are administered fairly. The rules of the Company related to the Code of Conduct / Code of Business Ethics shall apply uniformly to all of our employees.

2.1.9 RESPONSIBILITY AND PROFESSIONALISM: Our employees are expected to demonstrate highest levels of personal responsibility and professionalism in all dealings with stakeholders. The accountability is at individual level rather than collective. Our employees remain committed and enthusiastic to assume responsibility for actions for the organisation. The staff shall maintain healthy competition within the Company and shall also focus on teamwork.

2.1.10 COMPLIANCE: Our staff remains compliant to all the applicable laws, rules, regulations, policies and this Code. We will strive to inculcate a compliance conscious culture within our staff to ensure compliance in all dealings with stakeholders.

2.1.11 COMPASSION: Compassion, sharing and kindness are values that we try to inculcate in our decision making. We shall inculcate compassion within our staff so as to empathize with the customers. We shall also remain compassionate towards our employees and shall remain committed to help our employees to tide over crisis to the extent possible. We shall continue to maintain a highly ethical work environment.

‍

3. OUR CORE PRINCIPLES

3.1 We are committed to operating our businesses by conforming to the highest moral and ethical standards. We do not tolerate bribery or corruption in any form. This commitment underpins everything that we do.

3.2 We are committed to good corporate citizenship. We treat social development activities, which benefit the communities we operate in as an integral part of our business plan.

3.3 We seek to contribute to the economic development of the communities in regions we operate, with due respect to their culture, norms and heritage. We seek to avoid any project or activity that is detrimental to the wider interests of the communities in which we operate.

3.4 We shall not compromise safety in the pursuit of commercial advantage. We shall strive to provide a safe, healthy and clean working environment for our employees and all those who work with us.

3.5 When representing the Company, we shall act with professionalism, honesty and integrity, and conform to the highest moral and ethical standards. Our conduct shall be fair and transparent and be perceived as fair and transparent by third parties.

3.6 We shall respect the human rights and dignity of all our stakeholders.

3.7 We shall strive to balance the interests of our stakeholders, treating each of them fairly and avoiding unfair discrimination of any kind.

3.8 The statements that we make to our stakeholders shall be truthful and made in good faith.

3.9 We shall not engage in any restrictive or unfair trade practices.

3.10 We shall provide avenues for our stakeholders to raise concerns or queries in good faith, or report instances of actual or perceived violations of our Code.

3.11 We shall strive to create an environment free from fear of retribution to deal with concerns that are raised, or cases reported in good faith. No one shall be punished or made to suffer fo raising concerns or making disclosures in good faith or in the public interest.

3.12 We expect the leaders of our businesses to demonstrate their commitment to the ethical standards set out in this Code through their own behavior and by establishing appropriate processes.

3.13 We shall comply with the laws of the countries in which we operate and any other laws which apply to us. With regard to those provisions of the Code that are explicitly dealt with under an applicable law or employment terms, the law and those terms shall take precedence. In the event that the standards prescribed under any applicable law are lower than that of the Code, we shall conduct ourselves as per the provisions of the Code.

3.14 We shall adhere to the Fair Practices Code as mandated by the Reserve Bank of India for NBFCs, ensuring fair and transparent lending practices.

‍

4. OUR EMPLOYEES

4.1 Employee behaviour:

4.1.1 In official as well as personal capacity, employees at no times should indulge in any action/ behaviour that is:

1. violation of any law, illegal or immoral; or
2. indicative of personal indiscretion; or
3. socially unacceptable; or
4. not in line with the organization’s objectives.

• 4.1.2 Employees are expected to ensure that their conduct at all times is such that the Company’s reputation is upheld and not compromised.
• 4.1.3 We are committed to providing a work environment that fosters cooperation, professionalism and teamwork among co-workers. We require that every employee will respect the rights and dignity of all employees without any prejudice to any race, colour, religion, national origin, sex, disability or other characteristics protected by law.
• 4.1.4 We expect our employees to have an exemplary behaviour and not indulge in any misconduct. Misconduct shall mean any act or omission or commission whether specified herein or otherwise, whether amounting to substantive act, abetment or connivance, committed within or outside the premises of the establishment or any act or omission which is, in any manner detrimental to the interest of the business or discipline or reputation or prestige of the Company and the establishment, whether committed within or outside the premises of the establishment. An indicative list of types of misconducts has been covered in Annexure 1.
• 4.1.5 Depending on the severity of the misconducts, suitable disciplinary action would be taken against the erring employee.
• 4.2 Equal opportunity employer
• 4.2.1 We provide equal opportunities to all our employees and to all eligible applicants for employment in our Company. We do not unfairly discriminate on any ground, including race, caste, religion, colour, ancestry, marital status, gender, sexual orientation, age, nationality, ethnic origin, disability or any other category protected by applicable law.
• 4.2.2 When recruiting, developing and promoting our employees, our decisions will be based solely on performance, merit, competence and potential.
• 4.2.3 We shall have fair, transparent and clear employee policies which promote diversity and equality, in accordance with applicable law and other provisions of this Code. These policies shall provide for clear terms of employment, training, development and performance management.
• 4.3 Dignity and respect
• 4.3.1 Our leaders shall be responsible for creating a conducive work environment built on tolerance, understanding, mutual cooperation and respect for individual privacy.
• 4.3.2 Everyone in our work environment must be treated with dignity and respect. We do not tolerate any form of harassment, whether sexual, physical, verbal or psychological.
• 4.3.3 We have clear and fair disciplinary procedures, which necessarily include an employee’s right to be heard.
• 4.3.4 We respect our employees’ right to privacy. We have no concern with their conduct outside our work environment, unless such conduct impairs their work performance, creates conflicts of interest or adversely affects our reputation or business interests.
• 4.4 Collection, Use and Disclosure of personal information of Employees
• 4.4.1 Purpose of collection: In the course of conducting our business and complying with various applicable law relating to employment, tax, insurance, etc., we collect
• certain personal information from our Employees (“Employee Personal Information”). The nature of the Employee Personal Information collected varies for each employee and depends upon employee’s responsibilities, citizenship, work location, and other factors. The purpose of collecting and using Employee Personal Information is limited to the business purposes, including those related directly to employee’s employment with the Company, and any other such requirement as per applicable law. We will not retain Employee Personal Information for longer than is required for the purpose herein.
• 4.4.2 Types of information collected: Employee Personal Information includes, without limitation, the following:
  
  1. Name
  2. Phone numbers
  3. Email address
  4. Mailing addresses
  5. Banking and other financial data
  6. Date of birth
  7. Gender, race, and ethnicity
  8. Health and disability data
• 4.4.3 Usage: The primary purposes for collection, storage and/or use of your Personal Information include, but are not limited to:

1. Human Resources Management. We collect, store, analyze, and may share (internally) Employee Personal Information in order to attract, retain and motivate a highly qualified workforce. This includes recruiting, compensation planning, succession planning, reorganization needs, performance assessment, training, employee benefit administration, compliance with applicable legal requirements, and communication with employees and/or their representatives.
2. Business Processes and Management. Employee Personal Information is used to run our business operations including, for example, scheduling work assignments, managing company assets, reporting and/releasing public data (e.g., Annual Reports, etc.); and populating employee directories.
3. Safety and Security Management. We use such Employee Personal Information as appropriate to ensure the safety and protection of employees, assets, resources, and communities.
4. Communication and Identification. We use Employee Personal Information to identify you and to communicate with the employees.

4.4.4 Disclosure: We stive to protect Employee Personal Information and ensure that unauthorized individuals do not have access to such information by using adequate security measures. We will not knowingly disclose, sell or otherwise distribute Employee Personal Information to any third party without the relevant employee’s knowledge and, where appropriate, your express written permission, except under the following circumstances:

1. Legal requests and investigations. We may disclose Employee Personal Information when such disclosure is reasonably necessary (i) to prevent fraud; (ii) to comply with any applicable law; or (iii) to comply with an order by a competent court.
2. Third-party vendors and service providers. We may, from time to time, outsource services, functions, or operations of our business to third-party service providers. When engaging in such outsourcing, it may be necessary for us to disclose Employee Personal Information to those service providers (for example, payroll service providers). In some cases, the service providers may collect Employee Personal Information directly from the employee on our behalf. Our relationship with such service providers will be governed by such commercial, operational and other terms as negotiated under valid contract.
3. Business Transfers: During the term of employment, we may buy other companies, create new subsidiaries or business units or sell part or all of our assets. It is likely that, as part of such process, some or all of Employee Personal Information will be transferred to another company as part of any such the transaction.
4. Reserved Matters. We may release Employee Personal Information when we believe release is necessary to comply with the law; enforce or apply our policies and other agreements; or protect the rights, property, or safety of Company, our employees, or others. This disclosure will never, however, include selling, renting, sharing or otherwise disclosing Employee Personal Information for commercial purposes in violation of the commitments set forth in this Code.

4.4.5 Security Practices

1. We employ commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of Employee Personal Information. These include internal reviews of our collection, storage and processing practices and security measures, such as appropriate encryption and physical security measures to guard against unauthorized access to systems where we store such information.
2. Only authorized employees have access to Employee Personal Information.
3. Paper and other hard copy containing Employee Personal Information (or any other confidential information) is secured in a locked location when not in use.
4. Computers and other access points should be secured when not in use by logging out or locking. Passwords should be guarded and not shared.
5. Electronic files containing Employee Personal Information should only be stored on secure computers and not copied or otherwise shared with unauthorized individuals within or outside of Company.
6. All Employee Personal Information shall be maintained by Company for such time period as may be required as per applicable law.

4.4.6 The Employees, as and when requested by them, may review the information provided and ensure that the Employee Personal Information found to be inaccurate or deficient is correct or amended as feasible.

4.5 Human rights

4.5.1 We do not employ children at our workplaces.

4.5.2 We do not use forced labour in any form. We do not confiscate personal documents of our employees or force them to make any payment to us or to anyone else in order to secure employment with us, or to work with us.

4.6 Bribery and corruption

4.6.1 Our employees and those representing us including agents and intermediaries shall not, directly or indirectly, offer or receive any illegal or improper payments or comparable benefits that are intended or perceived to obtain undue favours for the conduct of our business.

4.7 Gifts and hospitality

4.7.1 Business gifts and hospitality are sometimes used in the normal course of business activity. However, if offers of gifts or hospitality (including entertainment or travel) are frequent or of substantial value, they may create the perception of, or an actual conflict of interest or an ‘illicit payment’. Therefore, gifts and hospitality given or received should be modest in value and appropriate, and in compliance with our Company’s gifts and hospitality policy.

4.7.2 As a general rule, we can accept gifts or hospitality from a business associate, only if such a gift:

(a) has modest value and does not create a perception (or an implied obligation) that the giver is entitled to preferential treatment of any kind;

(b) would not influence, or appear to influence, our ability to act in the best interest of our Company; and/ or

(c) would not embarrass our Company or the giver if disclosed publicly.

4.7.3 The following gifts are never appropriate and should never be given or accepted:

(d) gifts of cash or gold or other precious metals, gems or stones;

(e) gifts that are prohibited under applicable law;

(f) gifts in the nature of a bribe, payoff, kickback or facilitation payment*;

(g) gifts that are prohibited  by  the gift giver’s or recipient’s organization; and

(h) gifts in the form of services or other non-cash benefits (e.g. a promise of employment).

(*‘Facilitation payment is a payment made to secure or speed up routine legal government actions, such as issuing permits or releasing goods held in customs.)

4.8 Freedom of association

4.8.1 We recognise that employees may be interested in joining associations or involving themselves in civic or public affairs in their personal capacities, provided such activities do not create an actual or potential conflict with the interests of our Company. Our employees must notify and seek prior approval for any such activity as per the ‘Conflicts of Interest’ clause of this Code and in accordance with applicable Company policies and law.

4.9 Working outside employment with us

4.9.1 Taking employment, accepting a position of responsibility or running a business outside employment with our Company, in your own time, with or without remuneration, could interfere with your ability to work effectively at our Company or create conflicts of interest. Any such activity must not be with any customer, supplier, distributor or competitor of our Company. Our employees must notify and seek prior approval for any such activity as per the ‘Conflicts of Interest’ clause of this Code and in accordance with applicable Company policies and law.

4.10 Integrity of information and assets

4.10.1 Our employees shall not make any willful omissions or material misrepresentation that would compromise the integrity of our records, internal or external communications and reports, including the financial statements.

4.10.2 Our employees and directors shall seek proper authorization prior to disclosing Company or business-related information, and such disclosures shall be made in accordance with our Company’s media and communication policy. This includes disclosures through any forum or media, including through social media.

4.10.3 Our employees shall ensure the integrity of personal data or information provided by them to our Company. We shall safeguard the privacy of all such data or information given to us in accordance with applicable Company policies or law.

4.10.4 Our employees shall respect and protect all confidential information and intellectual property of our Company.

4.10.5 Our employees shall safeguard the confidentiality of all third party intellectual property and data. Our employees shall not misuse such intellectual property and data that comes into their possession and shall not share it with anyone, except in accordance with applicable Company policies or law.

4.10.6 Our employees shall promptly report the loss, theft or destruction of any confidential information or intellectual property and data of our Company or that of any third party.

4.10.7 Our employees shall use all Company assets, tangible and intangible, including computer and communication equipment for the purpose for which they are provided and in order to conduct our business. Such assets shall not be misused. We shall establish processes to minimize the risk of fraud, and misappropriation or misuse of our assets.

4.10.8 We shall comply with all applicable anti-money laundering, anti-fraud and anti-corruption laws and we shall establish processes to check for and prevent any breaches of such laws.

4.11 Insider Trading

4.11.1 Our employees must not indulge in any form of insider trading nor assist others, including immediate family, friends or business associates, to derive any benefit from access to and possession of price sensitive information that is not in the public domain. Such information would include information about our Company, our clients and our suppliers.

4.12 Prohibited drugs and substances

4.12.1 Use of prohibited drugs and substances creates genuine safety and other risks at our workplaces. We do not tolerate prohibited drugs and substances from being possessed, consumed or distributed at our workplaces, or in the course of Company duties.

4.13 Conflict of interest

4.13.1 Our employees and executive directors shall always act in the interest of our Company and ensure that any business or personal association including close personal relationships which they may have, does not create a conflict of interest with their roles and duties in our Company or the operations of our Company. Further, our employees and executive directors shall not engage in any business, relationship or activity, which might conflict with the interest of our Company.

4.13.2 Should any actual or potential conflict of interest arise, the concerned person must immediately report such conflicts and seek approvals as required by applicable law and Company policy. The competent authority shall revert to the employee within a reasonable time as defined in our Company’s policy, so as to enable the concerned employee to take necessary action as advised to resolve or avoid the conflict in an expeditious manner.

4.13.3 In the case of all employees other than executive directors, the Chief Executive Officer / Managing Director shall be the competent authority, who in turn shall report such cases to the Board of Directors on a quarterly basis. In case of the Chief Executive Officer / Managing Director and executive directors, the Board of Directors of our Company shall be the competent authority.

4.13.4 Notwithstanding such or any other instance of conflict of interest that exists due to historical reasons, adequate and full disclosure by interested employees shall be made to our Company’s management. At the time of appointment in our Company, our employees and executive directors shall make full disclosure to the competent authority, of any interest leading to an actual or potential conflict that such persons or their immediate family (including parents, siblings, spouse, partner, children) or persons with whom they enjoy close personal relationships, may have in a family business or a company or firm that is a competitor, supplier, customer or distributor of, or has other business dealings with, our Company.

4.14 Examples of Potential Conflict of Interest

4.14.1 A conflict of interest, actual or potential, arises where, directly or indirectly, an employee or executive director:

(i) engages in a business, activity or relationship with anyone who is party to a transaction with our Company;

(ii) is in a position to derive an improper benefit, personally or for any family member or for any person in a close personal relationship, by making or influencing decisions relating to any transaction;

(iii) conducts business on behalf of our Company or is in a position to influence a decision with regard to our Company’s business with a supplier or customer where a relative of, or a person in close personal relationship with, an employee or executive director is a principal officer or representative, resulting in a personal benefit or a benefit to the relative;

(iv) is in a position to influence decisions with regard to award of benefits such as increase in salary or other remuneration, posting, promotion or recruitment of a relative or a person in close personal relationship employed in our Company;

(v) undertakes an activity by which the interest of our Company can be compromised or defeated; or

(vi) does anything by which an independent judgement of our Company’s best interest cannot be exercised.

4.14.2 A conflict of interest could be any known activity, transaction, relationship or service engaged in by an employee, his/her immediate family (including parents, siblings, spouse, partner, and children), relatives or a close personal relationship, which may cause concern (based upon an objective determination) that the employee could not or might not be able to fairly perform his/her duties to our Company.

4.14.3 If there is a failure to make the required disclosure and our management becomes aware of an instance of conflict of interest that ought to have been disclosed by an employee or executive director, our management shall take a serious view of the matter and consider suitable disciplinary action as per the terms of employment. In all such matters, we shall follow clear and fair disciplinary procedures, respecting the employee’s right to be heard.

4.14.4 Acceptance of a position of responsibility (whether for remuneration or otherwise) in the following cases would typically be permitted, provided the time commitments these demands do not disturb or distract from the employee’s primary duties and responsibilities in our Company, and are promptly disclosed to the relevant competent authority:

(i) directorships on the Boards of any of our joint ventures or associate companies;

(ii) memberships/positions of responsibility in educational/professional bodies, where such association will promote the interests of our Company; or

(iii) memberships or participation in government committees/bodies or organizations.

‍

5. OUR CLIENTS AND CUSTOMERS

5.1 Transparency: To ensure that the Company maintains transparency in its operations and communications vis-à-vis its clients, Company will adhere to the following in addition to the requirements as set out under the Interest Rate Policy of the Company which may be accessed at <insert link>:

(i) disclose to clients all the terms and conditions (including changes if any) of our financial services offered in the language understood by the client;

(ii) provide loan sanction letter or any other document clearly indicating the rate of interest, mode of charging interest, levy of any other charges, terms of repayment to the client against his/her acknowledgement;

(iii) provide information to clients on the rate of interest offered on the thrift services, wherever applicable;

(iv) provide information to clients related to the premium and other fees being charged on insurance services;

(v) provide a valid receipt for every payment received from the borrower;

(vi) provide periodical statements of their accounts by means of a passbook or any other mechanism to the clients; and

(vii) all the above disclosures to the client may be made digitally.

5.2 Client Protection: In protecting the interest of the clients/borrowers, the Company is committed to following fair practices built on dignity, respect, fair treatment, persuasion and courtesy to clients. We shall adhere to the digital lending guidelines issued by the Reserve Bank of India, including providing necessary information to borrowers before the execution of the contract.

5.3 Avoiding over-indebtedness: Company will take reasonable steps to ensure that credit services are based on the need and repayment capacity of the client and that this service will not put the client / borrowers at significant risk of over-indebtedness. Accordingly, the Company will:

(i) undertake appropriate interaction and collection practices;

(ii) interact with the clients in an acceptable language and dignified manner and spare no efforts in fostering clients’ confidence and long-term relationship;

(iii) have a clearly defined and phased procedure in case of client default;

(iv) maintain decency and decorum during the visit to the clients’ place for collection of dues;

(v) avoid inappropriate occasions such as bereavement in the family or such other calamitous occasions for making calls/visits to collect dues; and

(vi) avoid any demeanor that would suggest any kind of threat or violence.

5.4 Privacy of client information: Company is committed to keep personal client information strictly confidential except in the following circumstances:

(i) client has been informed about such disclosure and permission has been obtained;

(ii) it is legally required to do so;

(iii) the party in question has been authorized by the client; or

(iv) this practice is customary amongst financial institutions and available for a close group on reciprocal basis (such as a credit bureau).

‍

6. ENGAGEMENT OF STAKEHOLDERS: IDENTIFICATION AND PRIORITIZATION

6.1 The Company integrates stakeholder engagement within its governance, strategies, and operational plans. The stakeholders include those:

(i) who are directly or indirectly dependent on Companies activities, products or services and associated performance, or on whom Company is dependent in order to operate; or

(ii) to whom Company has, or in the future may have, legal, commercial, operational or ethical/moral responsibilities; or

(iii) who can influence or have impact on Companies strategic or operational decision-making.

Stakeholders are further prioritized according to either the relevance of the stakeholders to the core business of the Company, or because the Company’s impact is high on a particular stakeholder for, e.g., supporting the economical or cultural growth.

6.2 Accordingly, the engagement process includes -

(i) Identification of Purpose, Scope, Ownership and Mandate

(ii) Profiling and prioritization of stakeholders

(iii) Settling of Engagement Levels and methods

(iv) Definition and Communication of Boundaries of disclosure

(v) Drawing up an Engagement Plan

(vi) Choosing Indicators for measuring engagement activities

(vii) Identification and Mitigation of Engagement risks - through inviting, informing, and briefing the stakeholders

(viii) Evaluation of stakeholder capacity

(ix) Carefully listening to the stakeholders during the engagement

(x) Documenting the engagement

(xi) Enhancing our engagement activities, review the outcomes of the engagement and report on engagement results.

(a) Given the social and economic context of the customers/borrowers, such engagements are generally through Gram or Sabha-level meetings, informal interactions instead of formal sample surveys.

(b) Company engages with employees and partners by way of training seminars held by the Company to maintain consistent upliftment of the quality of the services. Further, from time to time departmental meetings or project based discussions are held to ensure effective coordination and collaboration at different verticals of the Company.

(c) Company’s interactions with non-profit organizations are mostly project based to harness the rich experience of such organization in their assessment of local needs and also in order to take feedback and design products for their suitable needs.

(d) Detailed information of the Company including quarterly reports, annual reports or upon request are promptly shared with the investors of the Company. Further, investor meetings are scheduled from time to time for better communication about Company’s growth and business plans.

6.3 To have a systematic approach with all stakeholders, we classify our stakeholders into the following categories:

(i) Customers / Borrowers

(ii) Employees

(iii) Partners

(iv) Investors

(v) Non-Profit Organizations

(vi) Regulatory bodies

(vii) Communities we operate in (including vulnerable communities such as indigenous tribal communities, below poverty line communities or other marginalized communities)

(viii) Media

6.4 The stakeholder identification process is based on the following phases:

(i) Analysis of business processes.

(ii) For each process, identification of all interested, and impacted groups.

(iii) Grouping stakeholders in homogenous categories (according to relevance to the company or to the stake they hold)

(iv) Identification of priority groups within each category.

6.5 Company engages with the stakeholders in the following ways :

(i) Digital Enhancements;

(ii) Seek periodic advise through questionnaire;

(iii) Discussion on process problems and setbacks.

‍

7. OUR COMMUNITIES AND THE ENVIRONMENT

7.1 Communities: We are committed to good corporate citizenship and shall actively assist in the improvement of the quality of life of the people in the communities in which we operate.

7.1.1 We engage with the community and other stakeholders to minimize any adverse impact that our business operations may have on the local community and the environment.

7.1.2 We encourage our workforce to volunteer on projects that benefit the communities in which we operate, provided the principles of this Code, where applicable, and in particular the ‘Conflicts of Interest’ clause is followed.

7.2 The environment: In the production and sale of our products and services, we strive for environmental sustainability and comply with all applicable laws and regulations.

7.2.1 We seek to prevent the wasteful use of natural resources and are committed to improving the environment, particularly with regard to the emission of greenhouse gases, consumption of water and energy, and the management of waste and hazardous materials. We shall endeavor to offset the effect of climate change in our activities.

‍

8. OUR VALUE-CHAIN PARTNERS

8.1 We shall select our suppliers and service providers fairly and transparently.

8.2 We seek to work with suppliers and service providers who can demonstrate that they share similar values. We expect them to adopt ethical standards comparable to our own.

8.3 Our suppliers and service providers shall represent our Company only with duly authorized written permission from our Company. They are expected to abide by the Code in their interactions with, and on behalf of us, including respecting the confidentiality of information shared with them.

8.4 We shall ensure that any gifts or hospitality received from, or given to, our suppliers or service providers comply with our Company’s gifts and hospitality policy.

8.5 We respect our obligations on the use of third-party intellectual property and data.

‍

9. OUR FINANCIAL STAKEHOLDERS

9.1 We are committed to enhancing shareholder value and complying with laws and regulations that govern shareholder rights.

9.2 We shall inform our financial stakeholders about relevant aspects of our business in a fair, accurate and timely manner and shall disclose such information in accordance with applicable law and agreements.

9.3 We shall keep accurate records of our activities and shall adhere to disclosure standards in accordance with applicable law and industry standards.

‍

10. GOVERNMENTS

10.1 Political non-alignment: We shall act in accordance with the constitution and governance systems of the regions/countries where we operate. We do not seek to influence the outcome of public elections, nor to undermine or alter any system of government. We do not support any specific political party or candidate for political office. Towards this end:

10.1.1 Our conduct must preclude any activity that could be interpreted as mutual dependence/favour with any political body or person, and we do not offer or give any Company funds or property or other resources as donations to any specific political party, candidate or campaign.

10.1.2 Any financial contributions considered by our Board of Directors in order to strengthen democratic forces through a clean electoral process shall be extended only through the Progressive Electoral Trust in India, or by a similar transparent, duly-authorized, nondiscriminatory and non-discretionary vehicle outside India.

10.2 Government engagement: We conduct our interactions with them in a manner consistent with our Code.

10.2.1 We engage with the government and regulators in a constructive manner in order to promote good governance.

10.2.2 We do not impede, obstruct or improperly influence the conclusions of, or affect the integrity or availability of data or documents for any government review or investigation.

10.2.3 We conduct our interactions with them in a manner consistent with our Code. We shall cooperate fully with regulatory bodies, including the Reserve Bank of India, in their supervisory and inspection processes.

‍

11. RAISING CONCERNS

11.1 We encourage our employees, customers, suppliers and other stakeholders to raise concerns or make disclosures when they become aware of any actual or potential violation of our Code, policies or law. We also encourage reporting of any event (actual or potential) of misconduct that is not reflective of our values and principles.

11.2 Avenues available for raising concerns or queries or reporting cases could include:

(i) immediate line manager or the Human Resources department of our Company;

(ii) designated ethics officials of our Company;

(iii) the ‘confidential reporting’ third party ethics helpline (if available); or

(iv) any other reporting channel set out in our Company’s ‘Whistleblower’ policy.

11.3 We do not tolerate any form of retaliation against anyone reporting legitimate concerns. Anyone involved in targeting such a person will be subject to disciplinary action.

11.4 If you suspect that you or someone you know has been subjected to retaliation for raising a concern or for reporting a case, we encourage you to promptly contact your line manager, the Company’s Ethics Counsellor, the Human Resources department or the MD/CEO.

11.5 We have mechanism for disciplinary actions and procedures at three levels viz. the Supervisory Committee at the Board level, the Disciplinary Committee at regional level and a forum of the respective department and HR function and immediate supervisor/ skip level supervisor at department level. Depending on the severity of the violation, the forum shall be decided. The indicative list of misbehaviour or violations has been covered in Annexure 1.

11.5.1 Supervisory Committee

The Committee shall consist of the Board of Directors of the Company and the Head of Departments/Business, as required. The CEO of the Company shall chair the Committee meetings. This Committee shall review the irregularities in high risk areas, fraudulent irregularities, gross violations of the Code, the disciplinary action taken in that regard and staff accountability matters if such violations have perpetrated or could have perpetrated into frauds.

11.5.2 Disciplinary Committee

The Disciplinary Committee shall consist of the designated HR Head and Business Manager(s). This Committee shall meet to review all the cases which classify as irregularities in high risk areas, fraudulent irregularities or gross violations of the Code. This Committee may take appropriate disciplinary measures as elaborated in this Code as deemed fit considering the type and impact of the misbehaviour of the employee.

11.5.3 Immediate supervisor/ skip level supervisor

With respect to habitual irregularities of minor misconducts, the immediate supervisor may give an oral warning if it is the first or the second instance of misbehaviour. If the misbehaviour is repeated for the third time, then the skip level supervisor shall give an oral warning. Beyond three instances of misbehaviour, the skip level supervisor shall intimate the designated HR head and recommend the issue of a warning in writing to the erring employee.

11.6 In the interim, till the Company is in experiment mode - the board will determine / delegate to the CEO the set-up of a governance structure to define culture across the Company in the manner of conduct of employee behaviour with any of the stakeholders.

‍

12. DISCIPLINARY PROCEDURE

12.1 The primary objective of the disciplinary procedure is to make employees aware of the instance/s of apparent and reported breach of the Code/ misconduct on their part and to afford such employees with an opportunity of making submission against such reported instance/s including improving their attendance, work performance or amending/ rectifying their conduct as the case may be, should they fall below the standards expected by the Company. The Company will follow the below procedures for dealing with misconducts:

12.2 In the cases of minor misconducts oral warning will be given to the concerned employee by the immediate supervisor/skip level supervisor, which has to be documented by way of email to the designated HR head. With respect to habitual irregularities of minor misconducts, the immediate supervisor may give an oral warning if it is the first or the second instance of misbehaviour. If the misbehaviour is repeated for the third time, then the skip level supervisor shall give an oral warning. Beyond three instances of misbehaviour, the designated HR head shall issue warning in writing to the employee.

12.3 All complaints and proceedings with respect to irregularities in high risk areas, fraudulent irregularities or gross violations of the Code, in the region shall be addressed to and led by the designated Regional HR Manager for regions and designated Head - HR for Corporate Office. The HR in turn will convene the Disciplinary Committee for enquiry proceedings.

12.4 The Disciplinary Committee will consist of the Regional HR Manager and Regional Business Managers. The Committee shall have atleast 3 members and may be called upon as and when required. If the necessary quorum of 3 members is not available within the same region, the Head of Human Resources (HR) would appoint a suitable member from other locations, with similar responsibility.

12.5 An employee who is alleged to have committed an act of misconduct (other than minor misconduct) shall be given a show cause in writing by the designated HR head or such other officer/s who are so authorized by the management, calling for a written explanation within the specified time duration (minimum of 24 hours and not more than 7 working days, except if the employee requests for more time, in such a case the time can be extended to another 7 working days) from the time of receipt of the show cause.

12.6 The employee shall submit his explanation in writing accepting the guilt or refuting the allegations made against him in the charge-sheet within the stipulated time. The management shall consider the explanation submitted by the employee, and if the explanation is found to be not satisfactory, a domestic enquiry may be conducted. If for any reason, it is not possible to conduct the domestic enquiry, the management may straightaway proceed to take necessary disciplinary actions based on the available materials.

12.7 No domestic enquiry shall be necessary:

12.7.1 if any employee has been convicted of a criminal offence by a court of law.

12.7.2 where the management is satisfied for the reasons to be recorded in writing that it is not practicable to hold an enquiry in the manner provided in the service rules.

12.7.3 where the management is satisfied that in the interest of the security of the establishment, it is not expedient to hold an enquiry in the manner provided in these service rules.

12.7.4 where the charges are admitted by the employee.

12.8 The Disciplinary Committee shall appoint an enquiry officer from amongst the members of the committee or any outsider who is not a witness to the charges alleged against the employee. The employee will be communicated in writing the date, time and the place where the enquiry is to be conducted. The employee shall be given full opportunity to answer the charges and permitted to be defended by a co-employee working in the same unit in which he is detailed to work, except employees who are accused of the misconduct or against whom an enquiry is pending. No other employee or outsider shall be permitted to assist, defend or represent the employee in the domestic enquiry.

12.8.1 The enquiry officer shall submit his report to the Disciplinary Committee.

12.8.2 If after the enquiry, the employee is adjudged guilty and punished, he shall be deemed to have been absent from duty during the period of suspension and he shall not be entitled to any salary However, subsistence allowance paid during the period of suspension shall not be reclaimed.

12.8.3 If the employee is held not guilty, the order of suspension shall be withdrawn, if the employee is under suspension and the employee shall be deemed to have been on duty during the period of suspension and shall be paid salary as if he had not been placed under suspension after deducting the amount of subsistence allowance paid to him for such period.

12.9 Where for the order of dismissal, permission is required to be obtained from any authority/court/tribunal under law, the employee concerned shall be under suspension until orders are passed by the aforesaid authorities.

12.10 If during the enquiry, it is found that the employee is guilty of an act of omission or commission other than that stated in the show cause, and that act of omission or commission is an offence / misconduct, the management, at its discretion may, instead of issuing a fresh show cause, amend the original show cause accordingly, and the employee shall be given further opportunity for explaining and defending himself against the amended charge. Even in such cases, if the management feels that a fresh show cause should be issued, it shall be open to the management to do so.

12.11 In awarding punishment, the management shall take into account the gravity of the misconduct, previous record of the employee and any other extenuating or aggravating circumstances that may exist. The disciplinary action shall be communicated in writing to the employee concerned.

12.12 Corrective Action

Any violation of this Code is subject to corrective action up to and including termination of employment. The Company may prefer civil or criminal action against errant employees. Such actions may include penalties as deemed appropriate considering the nature of violation and its implications on the Company. These actions could be – Cautionary Action in the form of fines, Deterrent Action in the form of warning letters and Capital Action in the form of suspension or termination of the employee.

‍

13. ACCOUNTABILITY

13.1 This Code is more than a set of prescriptive guidelines issued solely for the purpose of formal compliance. It represents our collective commitment to our value system and to our core principles.

13.2 Every person employed by us, directly or indirectly, should expect to be held accountable for his/her behavior. Should such behavior violate this Code, they may be subject to action according to their employment terms and relevant Company policies.

13.3 When followed in letter and in spirit, this Code is ‘lived’ by our employees as well as those who work with us. It represents our shared responsibility to all our stakeholders, and our mutual commitment to each other.

‍

14. NOTE

14.1 The Code does not provide a comprehensive and complete explanation of all expectations from a Company standpoint or obligations from a stakeholder standpoint.

14.2 Our employees have a continuing obligation to familiarize themselves with all applicable law, Company-level policies, procedures and work rules as relevant. For any guidance on interpretation of the Code, we may seek support from our Company’s Ethics Counsellor.

14.3 For any query or clarification on the Code, please contact the office of the Company’s Chief Ethics Officer via email at:

Sunil.kumar.t@avantifinance.in

14.4 For further information on the Code please contact at the below mentioned email:

The Ethics Office,

Email: Sunil.kumar.t@avantifinance.in

‍

‍

The above is not an exhaustive list of misconducts and includes only the major misconducts.

Annexure 2 – Duties of directors

The duties of directors as per Section 166 of the Companies Act, 2013:

1. Subject to the provisions of the Companies Act 2013, a director of a company shall act in accordance with the articles of the company.

2. A director of a company shall act in good faith in order to promote the objects of the company for the benefit of its members as a whole, and in the best interests of the company, its employees, the shareholders, the community and for the protection of environment.

3. A director of a company shall exercise his duties with due and reasonable care, skill and diligence and shall exercise independent judgment.

4. A director of a company shall not involve in a situation in which he may have a direct or indirect interest that conflicts, or possibly may conflict, with the interest of the company.

5. A director of a company shall not achieve or attempt to achieve any undue gain or advantage either to himself or to his relatives, partners, or associates and if such director is found guilty of making any undue gain, he shall be liable to pay an amount equal to that gain to the company.

6. A director of a company shall not assign his office and any assignment so made shall be void.

7. If a director of the company contravenes the provisions of this Annexure 2 such director shall be punishable with fine which shall not be less than one lakh rupees but which may extend to five lakh rupees.

The duties of independent directors as per Schedule IV of the Companies Act, 2013:

1. undertake appropriate induction and regularly update and refresh their skills, knowledge and familiarity with the company;

2. seek appropriate clarification or amplification of information and, where necessary, take and follow appropriate professional advice and opinion of outside experts at the expense of the company;

3. strive to attend all meetings of the Board of Directors and of the Board committees of which he is a member;

4. participate constructively and actively in the committees of the Board in which they are chairpersons or members;

5. strive to attend the general meetings of the company;

6. where they have concerns about the running of the company or a proposed action, ensure that these are addressed by the Board and, to the extent that they are not resolved, insist that their concerns are recorded in the minutes of the Board meeting;

7. keep themselves well informed about the company and the external environment in which it operates;

8. not to unfairly obstruct the functioning of an otherwise proper Board or committee of the Board;

9. pay sufficient attention and ensure that adequate deliberations are held before approving related party transactions and assure themselves that the same are in the interest of the company;

10. ascertain and ensure that the company has an adequate and functional vigil mechanism and to ensure that the interests of a person who uses such mechanism are not prejudicially affected on account of such use;

11. report concerns about unethical behaviour, actual or suspected fraud or violation of the company’s Code of Conduct / Code of Business Ethics:

12. acting within his authority, assist in protecting the legitimate interests of the company, shareholders and its employees;

13. not disclose confidential information, including commercial secrets, technologies, advertising and sales promotion plans, unpublished price sensitive information, unless such disclosure is expressly approved by the Board or required by law.

Co-lending Policy

1. Introduction

Avanti Finance Private Limited (hereinafter referred to as ‘the Company’) has drafted the Co-lending Policy (hereafter referred to as “Co-Lending Policy” or “the Policy”) in accordance with the Reserve Bank of India (“RBI”) notification for the Co-Lending model - RBI/2020-21/63, FIDD.CO.Plan.BC.No.8/04. 09.01 /2020-21 dated November 05, 2020 (“CLM”).

2. Objectives of the Policy

This document covers the general principles and practices to be followed by the Company when entering into co-lending arrangements with partner institutions. The Policy will be applicable to all the categories of products and services offered by the Company under the co-lending model and apply to related operations such as customer sourcing, loan processing, loan servicing and collection activities.

3. Co-Lending Arrangement Modes

The Master Agreement entered into with partner institutions (Banks/NBFCs) for implementing the CLM could be one of 2 (two) options:

(i) Where the Company and the partner Bank/NBFC jointly originate the loan and take it on their respective books’ basis a pre-determined share (“Co Origination”); or

(ii) Where the Company originates the loan and subsequently transfers it to the partner Bank/NBFC (“Originate and Transfer”) with the partner institution retaining the right to reject certain loans subject to its due diligence.

If the co-lending model chosen is Option (ii) above, this arrangement will be akin to a direct assignment transaction. Accordingly, the taking over Bank/NBFC shall ensure compliance with all the requirements in terms of Guidelines on Transactions Involving Transfer of Assets through Direct Assignment of Cash Flows and the Underlying Securities issued vide RBI/2011-12/540 DBOD.No.BP.BC-103/21.04.177/2011-12 dated May 07, 2012 and RBI//2012-13/170 DNBS. PD. No. 301/3.10.01 /2012-13 dated August 21, 2012 respectively, as updated from time to time, with the exception of Minimum Holding Period (“MHP”) which shall not be applicable in such transactions undertaken in terms of the co-lending arrangement. The MHP exemption shall be available only in cases where the prior Master Agreement between the Company (on the one hand) and Banks / NBFCs (on the other hand) contains a back-to-back basis clause and complies with all other conditions stipulated in the guidelines for direct assignment.

4. Roles & Responsibilities

(i) Origination / Loan Sanction:

The Company will source leads of applicants who meet the eligibility criteria as per the credit policy agreed in terms of each co-lending arrangement.

In the case of a “Co-Origination” arrangement, a joint loan agreement will be executed with the borrower wherein both the Company and the partner Bank /NBFC will be parties as lenders in the agreement.

In the case of a “Originate & Transfer” arrangement, the Company will enter into the agreement with the borrower and the partner Bank/NBFC shall then choose to take over its share on back-to-back basis.

(ii) Interest Rate:

The Company and the co-lending partner would have the flexibility to price their part of the exposure in a manner found fit as per their respective risk appetite / assessment of the borrower and the RBI regulations issued from time to time.

Based on the respective interest rates and proportion of risk sharing, a single blended interest rate will be offered to the ultimate borrower in case of fixed rate loans. In the scenario of floating interest rates, a weighted average of the benchmark interest rates in proportion to the respective loan contribution, will be offered.

Company shall provide all information such as loan details including interest rate and other charges, details of risk sharing arrangement, etc., as and when called for by the RBI.

(iii) Know Your Customer (KYC):

The Company and the co-lending partner shall adhere to all applicable KYC / AML guidelines, as prescribed in the Master Directions - Know Your Customer (KYC) Direction, 2016, issued vide RBI/DBR/2015-16/18 Master Direction DBR.AML.BC.No.81/14.01.001/2015-16 dated February 25, 2016 and updated from time to time.

(iv) Borrower Agreement

The borrower loan agreement shall clearly contain the features of the arrangement and the roles and responsibilities of Company and the partner Bank/NBFC. All the details of the arrangement shall be disclosed to the customers upfront and their explicit consent shall be taken.

(v) Common Account

The Company and its partner Bank/NBFC shall open an escrow type common account for pooling respective loan contributions for disbursal as well as to appropriate loan repayments from borrowers, without holding the funds for usage of float. All transactions between the co-lending partners relating to the co-lending shall be routed through this escrow account.

The Company and partner Bank/NBFC shall maintain their share of the individual borrower’s accounts but should also be able to generate and share a single unified statement to the customer, through appropriate sharing of required information between the two entities.

(vi) Customer Communication & Grievance Redressal

The Company will be the single point of interface with the borrower for the purpose of the loan provided and will be responsible for providing a detailed explanation to the borrower regarding the co-lending arrangement and the roles and responsibilities of the co-lending entities. The Company will also be primarily responsible for providing the required customer service and grievance redressal to the borrower that will be in line with the customer grievance redressal policy approved by the board of directors (“Board”) of the Company.

However, any complaint registered by a borrower with the Company and/or partner Bank / NBFC, shall also be shared with the Bank / NBFC / Company and in case, the complaint is not resolved within 30 (thirty) days, the borrower would have the option to escalate the same with concerned Banking Ombudsman / Ombudsman for the Company or the Customer Education and Protection Cell (CEPC) in RBI as laid out in the Fair Practices Code adopted by the Company.

(vii) Reporting / Provisioning

Each of the Company and partner Bank/NBFC shall follow its respective and independent provisioning requirements including declaration of account as NPA, as per the regulatory guidelines respectively applicable to each of them. Each of the two entities shall carry out their respective reporting requirements including reporting to Credit Information Companies, under respectively applicable law and regulations.

(viii) Outsourcing of services

The Company will adhere to extant guidelines on outsourcing of financial services and the Outsourcing Policy approved by the Board. The outsourcing policy may be accessed at: https://www.avantifinance.in/policies#co-lending-policy.

(ix) Other policies & guidelines

Company will ensure that it adheres to the regulations prescribed by the RBI/any other relevant regulatory body. Subject to the relevant Master Agreement, Company’s policies shall continue to apply on loans disbursed under the co-lending arrangement.

(x) Other Operational Aspects

a) The co-lenders shall establish a framework for monitoring and recovery of the loan, as mutually agreed upon.

b) The co-lenders shall arrange for creation of security and charge as per mutually agreeable terms.

c) The loans under the CLM shall be included in the scope of internal/statutory audit within the banks and NBFCs to ensure adherence to their respective internal guidelines, terms of the agreement and extant regulatory requirement.

d) Any assignment of a loan by a co-lender to a third party can be done only with the consent of the other lender.

5. Policy Review and Updates

The implementation of this Policy shall be monitored and reviewed periodically by the Board of the Company.

This Policy was:

(i) drafted on behalf of the Company by: Nagaraj Subrahmanya, CRO

(ii) internally reviewed by: Rahul Gupta, CEO

(iii) approved by the Board of the Company on: September 07, 2022, revised on December 19, 2024

This Policy comes into effect from date of Board Approval.

Co-lending Disclosure

‍

Default Loss Guarantee (DLG)

‍

‍

Frequently Asked Questions on Moratorium during of Covid -19

Based on the recommendation from RBI to grant Moratorium on the subject of Covid -19 Regulatory package (Circular dated RBI/2019-20/186 DOR.No.BP.BC.47/21.04.048/2019-20), Avanti has decided to grant all borrowers a moratorium for EMI deferment falling due between the period March 01, 2020 to May 31, 2020(upto 92 days).    Frequently Asked Questions  

1.  What is Avanti’s response to the RBI announcement of EMI deferment?

Res) In line with the RBI’s suggestion, Avanti has decided to grant moratorium for 3 months starting 1st March 2020.  Accordingly -

1. Loan tenure of all active loans will increase by 3 months (at least).
2. Borrowers have the option of making repayment during this 3 month period and accordingly their interest will be calculated. (Some borrowers have already paid their March EMI).
3. Non-payment of EMI in these 3 months will not affect the DPD and hence will not be reported as delay/default to credit bureaus.
4. Interest will continue to accrue on the outstanding portion of the loans during the moratorium period

2.  What does granting moratorium for EMI deferment mean?

Res) Moratorium for EMI deferment means -  A2.1 - Borrowers whose EMI was due in March 2020 will be due now in June 2020, A2.2 - Borrowers whose EMI was due in April 2020 will be due now in July 2020  A2.3 - Borrowers whose EMI was due in May 2020 will be due now in August 2020.  The original schedule of these borrowers will be accordingly adjusted. Any borrowers who are not able to pay as per their original schedule i.e., in March, April and May 2020 will not be reported as “default” to the credit bureaus.  

3.  Will the borrowers pay interest for this period of March 2020 to May 2020?

Res) Interest will continue to accrue (accumulate in simple terms) based on the outstanding balance on a daily basis for these loans. This additional interest will be paid along with the last instalment.  

4.  Can borrowers make repayments during this period till May 2020?

Res) Yes. Borrowers can continue making repayments during this moratorium period. Avanti encourages all borrowers whose income is less affected to continue making the repayment during this period.  This will help borrowers avoid paying additional interest at the end of the loan period.  

5.  What are the avenues for repayment available for the borrowers during the coming 2 months?

Res) Borrowers can make payment through digital modes like UPI, NEFT, IMPS, Banking correspondents to their Loan numbers (e-collect numbers).  

6.  Should the partner and agents continue collection on the field?

 Res) Considering the lockdown imposed by the Central government, Avanti strongly recommends all partners and agents not to go out for collections. However, you can reach out to the borrowers through tele-calling to educate them on the advantages of repayments, modes of digital payment, moratorium granted by Avanti etc. Continuous contact with borrowers will be crucial for you to ensure the collections effort is minimal from June 2020.  

7.  Should the borrowers/Partners inform Avanti through any official mode to avail this moratorium benefit?

 Res) Avanti, in consultation with its partners, has granted the moratorium to all loans due to the impact of COVID-19 on various livelihoods.  However, the borrowers can continue to make repayments to  their respective e-collect numbers, if they want to.  

8.  What about the overdue amount from previous months (Before March 2020)?

Res) The overdue amount will need to be paid by the borrower and there is no relief. Borrowers are strongly advised to use the digital modes of repayment to pay the overdue amount and thereby not accrue additional interest on them.  

9.  What if the borrowers have already paid their March 2020 due? Will this be refunded?

Res) Considering that the borrower has made their March 2020 due, it will be considered that they have made their June 2020 due amount (prepayment of due and hence lesser interest). However, Avanti strongly recommends the borrowers to continue making payments in June 2020 also. Thereby, they can pre-close the loan in a shorter period and pay lesser interest.

‍

‍

Data Privacy and Security Policy

This document is an electronic record in terms of Information Technology Act, 2000 and rules there under as applicable. This electronic record is generated by a computer/electronic system and does not require any physical or digital signatures.

1. Introduction

a) Avanti Finance Private Limited (“Company” / “Us” / “We” / “Our”) has entered into business relationships with various partners (“Partners”) under the respective partner engagement agreement or master services agreement (each of which is referred as “Agreement”) whereby We appoint respective Persons (as defined below) as Partners (terms of the relevant Agreement) and engage them for the provision of certain services more particularly described in the Schedule of Services of the respective Agreement. In order to increase the efficiency of provision of services, the Partner may be provided access and usage to Our Website (as defined below) on the terms as given under the respective Agreement.

b) Moreover, access to Our Website is provided to any other Person who is not appointed as a Partner as mentioned in the paragraph above. Both classes of Persons (appointed Partners and other Persons) may have access and usage to Our Website and are recognized as Users in the manner as defined below.

c) We consider User relationship and data security to be an important component of Our service offerings through Our Website. We are committed to maintaining the confidentiality, integrity and security of any Personal Information (as defined below) of Our Users. We are proud of Our privacy practices and the strength of Our Website security and want the User (as defined below) to know how We protect information of User and use it to provide Our products and services to User.

d) This Data Privacy and Security Policy (“Policy”) gives a broad outline as to how We protect information provided by Users during the course of access and usage of Website. We constantly re-evaluate this Policy and adapt it to meet data security standards and to deal with new challenges.

e) Where applicable, this Policy shall be read in conjunction with the respective Agreement for the respective User under which such User may have been given access to Our Website (including the App).

f) By accessing or using Our Website, User consents and authorizes Us to collect, store, process, handle and use User Information (as defined below), in accordance with this Policy and any other terms and conditions of use of Website (as amended from time to time).

2. Definitions

In this Policy: (i) capitalized terms defined by inclusion in quotations and / or parenthesis have the meanings so ascribed; and (ii) the following terms shall have the following meanings assigned to them herein below:

“Applicable Law” includes all applicable Indian statutes, enactments, acts of the state legislature or parliament, laws, ordinances, rules, bye-laws, regulations, notifications, guidelines, directions, directives and orders of any governmental authority, statutory authority, board, as may be applicable including but not limited to Reserve Bank of India and in each case, any implementing regulation or interpretation issued thereunder including any successor Applicable Law;

“Non-Personal Information” shall have the meaning as provided under Paragraph 3(e) of this Policy;

“Person” shall mean any individual (including personal representatives, executors or heirs of a deceased individual) or legal entity, including but not limited to, any partnership, joint venture, corporation, trust, unincorporated organisation, limited liability company, limited liability partnership or governmental authority;

“Personal Information” shall mean certain personally identifiable information of the User as specified under Paragraph 3(a) of this Policy;

“User” / “You” / “Your” shall mean any natural or legal person who has access to and is using Website;

“User Information” shall have the meaning as provided under Paragraph 3(h) of this Policy; and “Website” shall mean and include https://avantifinance.in, mobile application of Company including with the name Avanti Early Access (“App”), any successor website/ applications, any website of related entity or any other channel facilitated and permitted by Company including but not limited to App, any other digital medium including phone, displays, emails, social media interfaces, messaging interfaces, wallet, payment intermediaries using Company’s interface.

3. Collection, Storage and Use of Information

Personal Information:

a) We may collect Your Personal Information when You voluntarily and successfully submit information against relevant fields on Our Website. Personal Information is the data that, alone or in combination with other information, can be used to uniquely identify You (“Personal Information”). Personal Information may include, without limitation, the following:

(i) Name

(ii) User ID(s)

(iii) Phone numbers

(iv) Email address (es)

(v) Mailing addresses

(vi) Banking and other financial data

(vii) Government identification numbers, eg., driver’s license number

(viii) Date of birth

(ix) Gender

(x) Health and disability data

(xi) Family information

(xii) Financial and asset information

b) In particular, if You register/log in to Our Website through any social media platform (for example, Google), then We may collect the following information:

(i) The email/phone number used on the social media platform to register/ log in;

(ii) The display name connected to the relevant social media account used; and

(iii) The profile image (if any) connected to the relevant social media account used.

c) Please note that the information We obtain from such social media accounts also depends on the privacy policies of the social media platforms and Your respective settings therein. Please check the respective policies to understand the privacy practices of those social media platforms.

d) In case of Partners, We may request such additional Personal Information as may be specified in or as part of the respective Agreement.

e) Purpose of Collection of Personal Information: Your Personal Information is collected when You voluntarily submit such information. It is used, handled and stored by Us for the purposes of Your identification/ verification and/or creation of Your account on Our Website. Accordingly, such information shall be retained by Us till the time You have access and use of Our Website or You communicate to Us Your decision to withdraw Your permission to store and retain such information. We will not retain Your Personal Information for longer than is required for the purpose herein.

Non-Personal Information:

f) When You visit the Website, We may collect certain non-personal information for the purpose of enhancing Your use of the Website (“Non-Personal Information”). This Non-Personal Information is in the nature of technical and navigational information generated each time You visit the Website, which are saved in Our server logs. The Non-Personal Information may include, without limitation, the following details in respect of:

(i) the server (Internet Protocol) from where the Website is being accessed;

(ii) the browser and operating system used to browse the Website;

(iii) links clicked, scrolled and pages visited;

(iv) details of Your last visit to the Website, including time, date and the duration of Your session on the Website, etc.; and/or

(v) cookies as per Paragraph 4 of this Policy.

g) Purpose of Collection of Non-Personal Information: Non-Personal Information is in the form of encrypted statistics, which helps Us in improving the efficiency of the Website by giving Us information relating to Your use of the Website.

h) Personal Information and Non-Personal Information are together referred to as “User Information” in this Policy.

i) By using Website, You consent and authorize Us to collect, store, process, handle and use such User Information, in accordance with this Policy and any other terms and conditions of use of Website (as amended from time to time).

j) We reserve the right to retain such User Information that forms part of anonymized and aggregated data derived from User Information which may be used for improvement of Our Website, to produce analytical reports, marketing, advertising or such other activities as We may deem fit.

4. Cookies

a) Like most other sites, We use data collection devices known as “cookies” to collect and store information of Users visiting the Website. A cookie is an alpha-numeric identifier, which is small amount of data that is sent to a User’s browser from a web server and is eventually

stored on a User’s computer hard drive. Cookies are a reliable mechanism to remember the

activities of the User on the Website and help in improving Your experience on the Website.

b) We may set and access cookies on Your computer to track and store preferential information about You. We may gather information about You through cookie technology. This anonymous information is maintained distinctly and is not linked to the Personal Information You submit to Us. The option of accepting cookies is up to You, however certain features of the Website including Content and the forms may not be accessible without accepting cookies. If You choose to eliminate cookies, the full functionality of the Website may be impaired for You.

c) Most cookies are session cookies that are automatically deleted from Your device’s hard drive when You close the browser/App. Additionally, You may encounter cookies or other similar devices on certain pages of the Website that are placed by third parties. We do not control the use of cookies by third parties and shall not be liable for any reason whatsoever for these third- party cookies.

d) We may use third party service providers to help Us analyse certain online activities. For example, these service providers may help us measure the performance of Our online campaigns or analyse visitor activity on the Website. We may permit these service providers to use cookies and other technologies to perform these services for Company. We do not share any Personal Information with these third party service providers, and these service providers do not collect such information on Our behalf.

5. User Rights

a) Review:

To ensure the accuracy and adequacy of the Personal Information provided by You, You shall at all times have the option of reviewing the same by requesting Us in the manner as provided under Paragraph 10 of this Policy.

b) Withdrawal of Consent:

You shall at all times have the option of refusing / withdrawing Your consent for the collection, storage and retention of Your Personal Information. In case of Partners, their right to refuse / withdraw consent shall also be subject to the respective Agreement.

c) Please note that Your refusal / withdrawal of consent may result in restriction/revocation of access and/or usage of Our Website. Please further refer to Paragraph 10 of this Policy for the manner of communication with Us.

d) Account Deletion:

You may choose to delete Your account at any time You like by requesting Us in the manner as provided under Paragraph 10. Please note that it may take up to 30 days to delete all of Your information, like the data stored in our backup systems. However, We may also preserve such information/data as required for legal reasons or to prevent harm.

6. Disclosure of User Information

a) We do not share Your User Information with any third parties for commercial use or revenue generation. However, We may share User Information with third party service appointed by Us who may be located in India or outside India:

(i) for sending SMS/ Email communications to You in relation to Website and Our products and services; and

(ii) to improve and personalize Our products and services. This may involve, for

example, activities such as troubleshooting and protection against errors; data analysis

and testing; and developing new features.

b) We ensure that such third-party service providers maintain strict confidentiality (ensuring the same level of confidentiality as maintained by Us) in respect of User Information. Our third party service providers are required to comply fully with this Policy.

c) Further, We reserve the right to utilize, share and/or disclose User Information if:

(i) required to do so to comply with orders of governmental authorities that have jurisdiction over it or as otherwise required by Applicable Law after providing You a written intimation prior to such disclosure; and/or

(ii) We determine, in Our sole discretion that disclosure of User Information is necessary to identify, contact, or bring legal action against You.

7. Indemnification

You agree to indemnify, defend and hold harmless Us and Our parent, subsidiaries, affiliates, partners, officers, directors, agents, contractors, licensors, service providers, subcontractors, suppliers, interns and employees, harmless from any claim or demand, including reasonable attorneys’ fees, made by any third-party due to or arising out of Your breach of this Policy or the documents they incorporate by reference (including the respective Agreement, where applicable for use of Website), or Your violation of any law or the rights of a third party.

8. Security Precautions

To prevent any form of unlawful interception or misuse of User Information, We use reasonable physical, electronic and managerial procedures to safeguard and secure User Information collected. We use reasonable secure and technologically appropriate measures, in compliance with the Information Technology Act, 2000 and the rules related thereto to protect You against loss or misuse of Your User Information including internal reviews of data collection, storage and processing practices and other reasonable security measures which are equivalent to security measures that We use to protect Our own confidential information. However, as You are aware, no internet website or online platform is completely free of security risks and We do not make any representation in respect of the same.

Data Retention

1. Company shall not retain or store Client Information for periods longer than is required except when such information may lawfully be used or is otherwise required under any other law for the time being in force or for the purpose of fraud prevention or regulatory compliance. Typically, Company may retain Client Information for 10 (ten) years.  For the first 5 (five) years, such Client Information shall be deemed (for internal purposes) as `Active Data’ and which may be accessed by Company’s personnel (on a need-to-know basis) for the purpose of delivery of Company’s services, internal records management, permitted disclosure to third parties and/or compliance under law. Thereafter, provided there is no interaction of Company with the relevant Client, it shall be treated (for internal purposes) as `Passive Data’. Company’s personnel may be provided access to Passive Data only upon express written permission of Chief Risk Officer (CRO).
2. By agreeing to avail the services offered by Company, Client has agreed to the collection and use of Client Information by Company. Client has the right to refuse or withdraw his/her consent to share/disseminate Client Information by contacting the Chief Operating Officer of the Company. However, in the event of your refusal or withdrawal of consent, Client shall not be able to avail any services of Company to the fullest extent.

‍

Data Destruction Practices:

Subject to law, Company’s data destruction practice is set out herein. All computer desktops, laptops, hard drives, and portable media are processed for proper disposal.  Paper and hard copy records shall be disposed of in a secure manner.  The destruction of data shall address the following:

I. evaluation and final disposition of sensitive information, hardware, or electronic media regardless of media format or type.

II. procedures may include shredding, incinerating, or pulp of hard copy materials so that sensitive information cannot be reconstructed.

III. Electronic Media (physical disks, tape cartridge, CDs, printer ribbons, flash drives, printer and copier hard-drives, etc.) shall be disposed of by one of the methods:

a. Overwriting Magnetic Media - Overwriting uses a program to write binary data sector by sector onto the media that requires sanitization;

b. Degaussing - Degaussing consists of using strong magnets or electric degaussing equipment to magnetically scramble the data on a hard drive into an unrecoverable state.

‍

9. Change in Privacy Policy

We reserve the right to update, modify and amend any of the terms of this Policy, at any time without prior intimation to You. These changes will become effective immediately on posting. We shall not be liable for any failure or negligence on Your part to review the updated Policy before accessing Website. Your continued access to Website, following changes to this Policy, will constitute Your acceptance of those changes.

10. Contacting Us

If You have any queries regarding: (i) this Policy; (ii) information and/or services available on Website, or (iii) Your dealings with Us or believe that We have not adhered to it, You may contact Us at Urvashi Bahirsheth, Company Secretary at urvashi@avantifinance.in.

11. Email Opt-Out

You can opt out of receiving Our marketing and update emails. To stop receiving our promotional emails, please email at info@avantifinance.in. It may take about ten days to process Your request. Please note that Your opting out of getting marketing messages would still enable You to receive transactional messages through email and SMS in relation to Your usage/access of Website.

12. Policy Review and Updates

The implementation of this policy shall be monitored and reviewed periodically by the Board of the Company.

This Policy was:

(i) Drafted on behalf of the Company by: Mrs. Urvashi Bahirsheth, Company Secretary

(ii) Internally reviewed by: Mr. Manish Thakkar, COO

(iii) Approved by the Board of the Company on: June 04, 2021, Revision 1 on : March 13, 2023, Revision 2 on: August 10, 2023, Revision 3 on : November 08, 2024

This revised Policy comes into effect from date of approval of the Board.

Repayment Moratorium Policy of Avanti Finance Private Limited

Reserve Bank of India (RBI) has released the Statement of Developmental and Regulatory Policies on March 27, 2020 that directly addresses the stress in financial conditions caused by COVID-19. One of the policies relates to easing financial stress caused by COVID-19 disruptions by relaxing repayment pressures and improving access to working capital. In this area, RBI has permitted all lending institutions including NBFCs to grant a moratorium of three months on payment of all instalments falling due between March 1, 2020 and May 31, 2020. RBI has permitted to shift the repayment schedules and all subsequent due dates, as also the tenor for such loans across the board by three months. RBI has also asked all the lending institutions to put in place a Board approved policy in this regard. Our company being a Non-Banking Finance Company registered with RBI has framed the following policy after considering the policy guidelines issued by RBI vide circular no. RBI/2019-20/186 DOR. No. BP. BC. 47 / 21.04.048 /2019-20 dated March 27, 2020: Approved by the Board of Directors of Avanti Finance Private Limited on April 03, 2020 Relief measures approved by the Board for the retail loans outstanding as on March 31, 2020

1. All borrowers will be given the option of a moratorium for EMI falling due between the period March 01, 2020 to May 31, 2020 (upto 92 days) without a change in the EMI amount.

1. All borrowers will be given an option to continue making repayments falling due between the moratorium period in case their cash flows permit & they are not in favour of extending their loan tenure & paying additional accrued interest for the moratorium period.
2. Interest will continue to accrue on the outstanding portion of the term loans during the moratorium periodand will be collected along with the last EMI or additional installment.
3. The revised asset classification of the loans will be on the basis of revised due dates and the revised repayment schedule. The same will be shared with the Credit Information Companies (Regulatory requirement).

Relief measures approved by the Board for the institutional loans outstanding as on March 31, 2020 All institutional borrowers will be provided an option to opt for moratorium. However, decision pertaining to grant of moratorium will be solely made by Avanti, on a case to case basis. For further details, you may click here for FAQs related to moratorium under Covid-19. In case you seek any clarification, you may write to us at info@avantifinance.in.

Client Privacy Policy

_{1. SCOPE AND PURPOSE OF THIS POLICY}

1. 1.1 In this Client Privacy Policy (“Policy”), “we” or “us” or “our” means Avanti Finance Private Limited (“Company”), and includes its executive directors, officers, employees, as the context may require.
2. 1.2 The scope of this Policy is to ensure the protection of interests of Clients (as defined below) of Company in respect of personal information shared by Clients with Company and provide a broad-level mechanism to regulate the use of such information by the Company.
3. 1.3 This Policy has been framed and adopted by us in line with our commitments under the Information Technology Act, 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules,2011 and other applicable laws of India.
4. 1.4 This Policy applies to all persons (natural or juristic) who seek to or have availed loan from Company or from any other financial institution wherein Company acts in the capacity of business correspondent or any other similar capacity (“Clients”), and have, in the process, shared their personal information with Company (“Client Information”).

1. 1.5 This Policy delineates various measures that we shall endeavor to take in operationalising our commitment.
2. 1.6 By agreeing to avail the services offered by Company, Client agrees to the collection and use of Client Information by Company.

‍

‍_{2. TYPES OF CLIENT INFORMATION COLLECTED}

2.1 Company may, for the purpose of providing services to Clients, collect the following types of Client Information:

1. 2.1.1 Personal Information: Includes any information collected from the Client that is about his/her family, health, consumption behaviour, personal preferences, attitudes, beliefs or living conditions. It may include the following:
2. (i) Name, gender, residential / correspondence address, telephone number, date of birth, marital status, size of family, details of family members, email address or other contact information; and/or
3. (ii) PAN, KYC Status, signature and/or photograph.
4. No biometric data is stored/ collected in the systems, unless allowed under extant statutory guidelines

1. 2.1.2 Financial Information: Includes any information collected from the Client regarding his/her businesses, income, expenses, immoveable assets, moveable assets, loans outstanding, repayment history, guarantors, or collateral Bank account or other payment instrument details; or any other detail which may be required by us for providing services.

2.2 Client Information is collected from Client on a voluntary basis and is necessary in order for the Client to avail services from Company. Client is not required to provide the Client Information that the Company requests, and, if Client chooses not to do so, Company may not be able to provide Client with services or respond to any queries Client may have. Company and its affiliates may share this Client Information with each other and use it consistent with this Policy. They may also combine it with other information to provide and improve Company products, services, content, and advertising.

2.3 To ensure the accuracy and adequacy of the Client Information, Client shall at all times have the option of reviewing the same by requesting Us in the manner as provided under paragraph 7.2 of this Policy.

‍

_{3. PURPOSE OF COLLECTION}

3.1 Company collects, retains, and uses Client Information in order to provide financial and other services to Clients. Accordingly, such information is collected for specified business purposes, such as:

1. 3.1.1 to process financial and non-financial transaction request;
2. 3.1.2 to undertake research and analytics for offering or improving Company services;
3. 3.1.3 to check and process Client’s applications which may be submitted for availing any financial services;
4. 3.1.4 to share any updates/changes to the services and their terms and conditions with Client;
5. 3.1.5 to take up and investigate any complaints/claims/disputes;
6. 3.1.6 to respond to Client’s queries and feedback submitted by Client;
7. 3.1.7 for verification of Client’s identity and other parameters; and
8. 3.1.8 to fulfil the requirements of applicable laws / regulations and / or court orders /regulatory directives.

‍

_{4. DISCLOSURE OF CLIENT INFORMATION}

4.1 Company may disclose Client Information only under the following circumstances (List available at https://www.avantifinance.in/policies#digital-lending-complaince):

1. 4.1.1 RBI/SEBI/ NSE/ BSE/ MCX /Asset Management Companies of Mutual Funds /Registrar and transfer Agents / Collecting Banks / KYC Registration Agencies and other such agencies, solely for the purpose of processing your transaction requests for serving you better;
2. 4.1.2 To process loans with any other bank/non-banking financial company/other financial institution where Company is acting as agent/banking correspondent or in any similar capacity under a valid contract;
3. 4.1.3 As part of valid contracts with service providers such as Credit bureaus, NSDL etc; as required for the purpose of loan processing and any research agencies/ external consultants, etc.;
4. 4.1.4 Where Client has permitted Company to disclose Client Information to a third party located in India or outside India, Company shall ensure that there is written permission from the Client authorising the disclosure, except where the disclosure is required under law.

‍

_{5. RETENTION OF CLIENT INFORMATION}

1. 5.1 Company shall not retain or store Client Information for periods longer than is required except when such information may lawfully be used or is otherwise required under any other law for the time being in force or for the purpose of fraud prevention or regulatory compliance. Typically, Company may retain Client Information for 10 (ten) years. For the first 5 (five) years, such Client Information shall be deemed (for internal purposes) as `Active Data’ and which may be accessed by Company’s personnel (on a need-to-know basis) for the purpose of delivery of Company’s services, internal records management, permitted disclosure to third parties and/or compliance under law. Thereafter, provided there is no interaction of Company with the relevant Client, it shall be treated (for internal purposes) as `Passive Data’. Company’s personnel may be provided access to Passive Data only upon express written permission of Chief Risk Officer (CRO).
2. 5.2 By agreeing to avail the services offered by Company, Client has agreed to the collection and use of Client Information by Company. Client has the right to refuse or withdraw his/her consent to share/disseminate Client Information by contacting the Chief Operating Officer of the Company. However, in the event of your refusal or withdrawal of consent, Client shall not be able to avail any services of Company to the fullest extent.
3. 5.3 Data Destruction Practices: Subject to law, Company’s data destruction practice is set out herein. All computer desktops, laptops, hard drives, and portable media are processed for proper disposal. Paper and hard copy records shall be disposed of in a secure manner. The destruction of data shall address the following:
4. 5.3.1 evaluation and final disposition of sensitive information, hardware, or electronic media regardless of media format or type.
5. 5.3.2 procedures may include shredding, incinerating, or pulp of hard copy materials so that sensitive information cannot be reconstructed.
6. 5.3.3 Electronic Media (physical disks, tape cartridge, CDs, printer ribbons, flash drives, printer and copier hard-drives, etc.) shall be disposed of by one of the methods:
7. (i) Overwriting Magnetic Media - Overwriting uses a program to write binary data sector by sector onto the media that requires sanitization;
8. (ii) Degaussing - Degaussing consists of using strong magnets or electric degaussing equipment to magnetically scramble the data on a hard drive into an unrecoverable state.

‍

_{6. SECURITY PRACTICES AND CONTROL MECHANISM}

1. 6.1 Company uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of Client Information. These include internal reviews of our data collection, storage and processing practices and security measures, such as appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data.
2. 6.2 Company maintains physical and electronic safeguards to protect Clients’ personal and financial information. Company has placed the mechanisms outlined below to ensure information – both physical and electronic data storage, access, retrieval, sharing of data.

Information Management and Data Security

1. 6.3 Records may be transferred from and between offices of Company/ third party service providers for record keeping purposes. We ensure that such third-party service providers maintain strict confidentiality (ensuring the same level of confidentiality as maintained by Us) in respect of Client Information.
2. 6.4 The database of current Clients and those Clients who do not have any current loan outstanding with Company are properly archived and kept and stored in the same manner as we store data/ documents of our Clients.
3. 6.5 All Client data/ records/ documents/ information shall be maintained by Company for such time period as may be required as per applicable laws.

_{Specific Authorization}

1. 6.6 Authorized personnel may see data from all the branches, but rights to edit or modify the data are given to select personnel with specific login access.
2. 6.7 Client database changes require the Chief Risk Officer, Chief Operating Officer and Chief of Partnerships to authorise / approve the changes.
3. 6.8 Each personnel who accesses the database uses an individual username and password.
4. 6.9 Whenever an employee logs into the database, their name, the information they query.
5. 6.10 Company has a strong back-up system in which it uses a combination of hardcopy and digital backups of Client information. Company’s system backs- up all information on our cloud servers located in India periodically.

_{7. COMPLAINT REDRESSAL MECHANISM}

7.1 It is the Company’s constant endeavour to put the interests of its Clients first and to provide them with financial solutions that are right for them. In keeping with its promise, the Company looks forward to receiving both positive and negative feedback from the Clients on its products and services.

7.2 Any discrepancies and grievances related to the processing and use of Client information can be raised to the grievance officer appointed by Company as below:

Nodal Officer

Name: Saurabh Kumar

Designation: Nodal Officer

Email: saurabh.kumar@avantifinance.in

‍

Grievance Officer

Name: Sunil K Tadepalli

Designation: Grievance Officer

Email: sunil.kumar.t@avantifinance.in

The grievances of the Clients will be redressed in the manner provided below:

(i) Clients can register grievances through email id and toll-free number provided at the Company’s branches / Head Office / website and at any other place where the business of the Company is transacted.

(ii) After examining the matter, the Company will endeavour to send the Client its response expeditiously and intimate the stakeholder how to escalate the complaint to higher level, if they are not satisfied with the response.

(iii) Clients have to confirm whether the grievance has been resolved to their satisfaction or not. The grievance will be deemed to be closed, if Client does not respond via toll free number or email.

(iv) The Company shall also request the Client to provide feedback on the services rendered. This can be done through direct contact by staff or through specific stakeholder satisfaction surveys that may be conducted from time to time.

(v) A periodical review of the above mechanism at various levels of management would be undertaken by the Company.

_{8. POLICY REVIEW UPDATED}

This document shall be reviewed by the CRO and shall be reviewed at least once a year. Reviews shall also account for any significant business changes and/or any regulatory requirements.

This Policy was:

(i) Drafted on behalf of the Company by: Mr. Manish Thakkar, COO and the time when the request is made, are all recorded in a query log.

(ii) Internally reviewed by: Mr. Nagaraj Subrahmanya, CRO

(iii) Approved by the Board of the Company on: June 05, 2021, Revision 1 on: March 13, 2023, Revision 2 on: August 10, 2023, Revision 3 on: October 31, 2023, Revision 4 on: December 19, 2024.

‍

Members of the Committee:

Chief Risk Officer (CRO), Chief Operating Officer (COO), Chief of Partnerships (COP) and Chief Product Officer (CPO)

Invitee:

Company Secretary, Chief Audit Officer (CAO), Chief Financial Officer (CFO) and VP of Product.

Quorum:

Minimum three members of the committee‍

Chairperson of the meeting: 

The Chief Operating Officer (COO). In case, the Chief Operating Officer (COO) who is the Chairman of the IT Steering Committee is absent from the meeting, then the members of the IT Steering Committee should nominate the Chairman for the meeting from the members who are present at the meeting.

Purpose:

The primary role of The Information Technology Steering Committee (ITSC) is to exercise oversight and governance over the organization’s IT function.

Responsibilities:

Accountability is a key concern of IT governance and this may be achieved via an organizational structure that has well-defined roles for the responsibility of information, business processes, applications, and IT infrastructure.

The IT Steering Committee is responsible for the following:

a.  Understanding technology risks that confront the organization and ensuring that they are properly managed and mitigated.

b.  Monitoring IT performance and recommending appropriate actions to ensure the achievement of desired results. Such as;

(i).  Providing the Board with adequate information on IT performance, the status of major IT projects or other significant issues, to enable the Board to make well- informed decisions on the Organization’s IT operations.

(ii).  Review, regular monitoring, and recommend revisions to the Board, of the Organization’s IT Strategic Plan in the context of the business strategy.

c.  Compliance oversight

d.  Review and assessment of the adequacy of the Terms of Reference at least annually or updating whenever there are significant changes therein, and ensuring that subsequent changes are approved by the Board of Directors.

Authority:

The IT Steering Committee advises the Chief Product Officer about current and future IT-related issues, initiatives, and recommendations.

Frequency of the meeting:

The IT Steering Committee will meet at least once every quarter or as needed to accomplish its duties

Agenda for the meeting:

Will be shared by the COO before every meeting

Notice for the meeting:

Meeting notice should be shared a week before the meeting

Regulatory requirements:

The meeting should be recorded and MOM should be added to the board pack, for all four meetings.

Reporting:

The ITSC shall present or submit periodic reports to the Board offering a summary of its activities, issues, and related recommendations, delivered by the CPO. In addition, committee members will disseminate meeting agendas, minutes and supporting documents to ensure that various stakeholders of AFPL are aware of the work and recommendations of the committee.

Charter Review updated

This document shall be reviewed by the COO, and shall be reviewed at least once a year. Reviews shall also account for any significant business changes and/or any regulatory requirements.

This Charter was:

i.  Drafted on behalf of the Company by: Mr. Nagaraj Subrahmanya, CRO Manish Thakkar, COO

ii.  Internally reviewed by: Mr. Manish Thakkar, COO

ii.  Approved by the Board of the Company on: March 13, 2023

Members of the Committee

Chief Executive Officer (CEO), Chief Risk Officer (CRO), Chief Operating Officer (COO), Chief  Product Officer (CPO), Chief of Partnerships (COP) , three board members (including the CEO)

Invitee

Company Secretary, Chief Audit Officer (CAO), Chief Financial Officer (CFO) 

‍Chairperson

The Chairperson of the Information Technology Strategy Committee shall be an independent  Director, who is nominated by the board members. In case, the independent director who is the  Chairman of the ITSC is not present for the meeting, then the members of the ITSC should  nominate the Chairman for the meeting from the members who are present at the meeting.

Quorum

Minimum three members of the committee.

Frequency of the meeting

Once every three months. The Chairperson of ITSC should attend the ITSC strategy meeting atleast once every six months. The IT Strategy Committee will meet at least once every quarter or as  needed to accomplish its duties.

Terms of reference

Role of IT Strategy Committee can be referred from the Terms of reference of the IT strategy  committee document.

Charter Review updated

This document shall be reviewed by the COO, and shall be reviewed at least once a year. Reviews  shall also account for any significant business changes and/or any regulatory requirements.

1. Introduction

Avanti Finance Private Limited (“Company”) provides access to information, physical assets, computer devices, networks, and other electronic information systems to meet missions, goals, and initiatives and must manage them responsibly to maintain the confidentiality, integrity, and availability of its information assets. This policy requires the users of information assets to comply with company policies and protects the company against any damages to assets or relevant legal issues emerging from unacceptable use of assets.

Over the past two decades, the proliferation of technology has enabled the cohabitation of human beings with constantly connected devices, networks, software and services. As a digital-first financial services entity, Avanti Finance Private Limited has built a digital lending platform that benefits both consumers and businesses from the active interactions between people and technology.

Company conducts business in a complex environment of opportunities, risks, vulnerabilities and threats. The Cyber Security Policy offers broad guidelines to Company concerning the Identification, Protection, Detection, Response, and Recovery of people and systems, building agility and resilience for the organisation.

The Reserve Bank of India has regularly issued guidelines to the sector concerning the protection of information and people. These guidelines cover aspects related to Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds. The Cyber Security Policy of Company seeks to assist its management and employees to take note of the dynamic ecosystem of technological evolution and persistent threats, remaining alert to risks and producing processes and practices to protect the organisation and its various stakeholders.

The Cyber Security Policy shall protect the interests of the business, internal and external stakeholders, including customers, business partners and employees. It also helps the organisation fulfill statutory & regulatory requirements. In instances, where the policy may not afford explicit or unambiguous guidelines on a relevant aspect of cyber security, the management and employees are encouraged to embrace leading practices borrowing from leading competitors.

Each individual and entity interacting, using or administering Company’s technology and information assets shall abide by this policy. The policy serves to inform customers, employees, vendors and other authorized users of their obligatory requirements for protecting the technology and information assets of the business. The policy describes some of the user’s responsibilities and privileges. The policy describes user limitations and informs users there will be penalties for violation of the policy.

‍

2. Objectives

The objectives of the policy include but are not limited to -

1. Protect the Confidentiality, Integrity and Availability of the information assets of the organisation
2. Maintain the privacy of customer information and any proprietary business information
3. Comply with relevant regulatory and statutory requirements in a timely manner
4. Establish responsibility and accountability for cyber security in the organisation
5. Ensure the effective management of related incidents
6. Protect information at rest, motion, use and change

‍

3. Scope

All employees, contractors, consultants, temporary and other workers at Company, including all personnel affiliated with third parties must adhere to this policy. This policy applies to information assets owned or leased by Company, or to devices that connect to a Company network or resides at Company’s website.

The IT team, vendors and related outsourcing partners shall practice secure measures to protect the organisation. These activities shall cover the following elements –

1. Network Management and Security
2. Secure Configuration
3. Application Security Life Cycle (ASLC)
4. Patch/Vulnerability & Change Management
5. User Access Control / Management
6. Authentication Framework for partners and customers
7. Secure mail and messaging systems
8. Vendor Risk Management
9. Protect Removable Media
10. Anti-Phishing Measures
11. Data Leak Prevention strategies
12. Maintenance, Monitoring, and Analysis of Audit Logs
13. Audit Log Settings
14. Vulnerability Assessment and Penetration Test
15. Incident Response & Management

‍

4. Governance

The information security team shall be responsible for the day-to-day implementation of Cyber Security related measures at Company. The Information Security Committee shall be accountable for the effective management of the team. The Information Security Committee and IT Strategy Committee shall review the work performed by the team and offer oversight and support to the function. The Information Security Committee shall present the workings of the information security team to the IT Strategy Committee on an annual basis, or upon facing any severe disruption lasting more than twelve hours due to the lack of or failure of cyber security controls.

Role of the IT Strategy Committee can be referred from the Terms of reference of the IT strategy committee document.

Role of Information Security Committee

1. Review cyber security incidents and relevant responses
2. Ensure cyber security awareness and training for the employees of the organisation
3. Review the implementation of cyber security related procedures
4. Plan and implement periodic vulnerability assessment and penetration testing by independent, suitably qualified entities
5. Review VAPT reports and relevant action taken measures to ensure correction and compliance within a reasonable period of time
6. Ensure adequate allocation of resources for the effective implementation of cyber security controls
7. Evaluate and provide approval/rejection decisions related to resource allocations
8. Offer an annual report to the board setting out the security processes and mechanisms of Company, including a summary of risks and controls

‍

5. Cyber Crisis Management Plan

The Company shall implement a Cyber Crisis Management Plan (Plan) which will encompass coordination with stakeholders such as RBI, CERT-In, etc.

This Plan will form an integral part of Company’s Information Technology Governance Policy and shall, at minimum, require the following:

a. Incident Management:

The Company shall use the existing incident management system/ process adopted and implemented for information security.

b. Reporting:

The Company shall proactively report cyber security incidents to RBI, CERT-In, and other applicable authorities within the timeline as may be notified from time to time.

‍

6. Monitoring & Review

The policy and procedures related to cyber security shall be reviewed at least once annually. In the event of a significant systems change (including process, hardware and software) or an unplanned disruption lasting more than twelve hours, the policy and procedures shall be called into review with immediate effect, irrespective of the date of the previous review.

Observations and incidents shall be recorded in Jira at the instance they reach the attention of an employee, partner or any other stakeholder internal or external to the business. These incidents shall be assigned relevant priority and addressed effectively by the cyber security team. All changes to the systems, processes and controls shall be submitted to the Information Security Committee for their review each month.

A thorough VAPT by a suitably qualified entity shall be conducted at least once in six months or at any significant change/event, whichever occurs earlier.

Individuals or entities, including the senior management of the organisation, violating the cyber security policy, procedures or controls shall be presented to the Information Security Committee for a violation review. The committee shall exercise its collective powers to initiate and complete appropriate disciplinary action, including termination from services, where necessary without any limitation or hindrance. The aggrieved entity can appeal the decision made by the Information Security Committee (ISC) through an immediate appeal to the IT Strategy Committee. Any appeal shall be made within twelve hours of the ISC decision. In the interim period between the initial verdict and the consideration of the appeal, the aggrieved entity shall remain disallowed from any form of access to the information assets of the organisation. Further and final action can be communicated and implemented with no further internal recourse to the entity violation policy, procedure or controls. If any member or chair of a particular committee is deemed to commit such a violation, they shall excuse themselves from the duties of the committee till a final decision is implemented by the organisation.

The cyber security team shall collect and report a summary of cyber security incidents to the RBI and any other relevant statutory body proactively

The next section of this policy document shall cover key elements of interest for Company and its stakeholders, with a view to strengthening and sustaining a strong cyber security culture for the organisation.

I. Confidential Data

Company defines "confidential data" as:

1. Unreleased and classified financial information
2. Customer, supplier, and shareholder information
3. Customer leads and sales-related data
4. Patents, business processes, and/or new technologies
5. Employees' passwords, assignments, and personal information
6. Company contracts and legal records

II. Device Security Company Use

To ensure the security of all company-issued devices and information, Company employees are required to:

1. Keep all company-issued devices, including tablets, computers, and mobile devices, password-protected (minimum of 8 characters)
2. Device should be locked when left unattended
3. Refrain from sharing private passwords with coworkers, personal acquaintances, senior personnel, and/or shareholders
4. Regularly update devices with the latest security software

Personal Use

Company recognizes that employees may be required to use personal devices to access company systems. In these cases, employees must report this information to management for record-keeping purposes. To ensure company systems are protected, all employees are required to:

1. Keep all devices password-protected (minimum of 6 characters for mobile, 8 characters for other handheld or desktop equipment and devices)
2. Ensure all personal devices used to access company-related systems are password protected
3. Lock all devices if left unattended
4. Ensure all devices are protected at all times
5. Always use secure and private networks

III. Email Security

Protecting email systems is a high priority as emails can lead to data theft, scams, and carry malicious software like worms and bugs. Therefore, Company requires all employees to:

1. Verify the legitimacy of each email, including the email address and sender name
2. Avoid opening suspicious emails, attachments, and clicking on links
3. Look for any significant grammatical errors
4. Avoid clickbait titles and links
5. Contact isms@avantifinance.in upon receipt of any suspicious emails.

IV. Data Transfer

Company recognizes the security risks of transferring confidential data internally and/or externally. To minimize the chances of data theft, we instruct all employees to:

1. Refrain from transferring classified information to employees and outside parties
2. Only transfer confidential data over Company networks, use Cloud services related access controlled links
3. Obtain the necessary authorization from senior management
4. Verify the recipient of the information and ensure they have the appropriate security measures in place
5. Adhere to Company data protection guidelines and non-disclosure agreements
6. Immediately alert isms@avantifinance.in of any breaches, malicious software, and/or scams

‍

7. Disciplinary Action

Violation of this policy can lead to disciplinary action, up to and including termination. Company’s disciplinary protocols are based on the severity of the violation. Unintentional violations only warrant a verbal warning, repeat violations of the same nature can lead to a written warning, and intentional violations can lead to suspension and/or termination, depending on the circumstances of the case.

‍

8. Awareness

The management shall ensure that stakeholders have access to the policy and awareness of their responsibilities toward the organisation. An awareness session shall be conducted at least once in six months. Awareness shall be considered an ongoing effort and stakeholders shall be informed of the relevant risks and controls regularly using media such as emails, internal meetings and discussions.

‍

9. Regulatory Reference

Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices, 2023

1. Introduction

Avanti Finance Private Limited (hereinafter referred to as “the Company”) has framed the Policy on Asset Classification and Provisioning Norms (hereafter referred to as “Asset Classification and Provisioning Norms Policy” or “the Policy”) to set out the guidelines, principles and approach to manage NPAs of the Company and put in place a framework to identify, assess, measure, monitor, control and containment of NPA at minimum level and ensuring that their impingement on financials are minimum.

2. Objectives of the Policy

This Policy on Asset Classification and Provisioning Norms is applicable to all lending activities of the Company.

The quality and performance of advances have a direct bearing on the profitability of the Company. Despite an efficient credit appraisal, disbursement and monitoring mechanism, problems can still arise due to various factors and give scope for Non-Performing Assets (“NPA”). These factors may be internal or external.

The objective of the Policy on Asset Classification and Provisioning Norms is to ensure that asset quality of the company remains sound on a sustained basis and adequate provision is made on non-performing assets.

3. Scope

The Policy on Asset Classification and Provisioning Norms attempts to analyse the common reasons for delinquency and suggests preventive measures for avoidance of default. The scope of the Policy would include the following:

3.1 Provide standards and guidance towards identification, classification and provisioning of NPAs.

3.2 Provide the roles and responsibilities for the activities relating to the recognition of non- performing assets (“NPAs”) and provisioning on assets.

3.3 Provide process of review and control.

3.4 Provide reporting and disclosures relating to NPAs and provisioning.

3.5 Strengthen the management of NPAs and proactive initiatives to prevent generation of fresh NPAs.

4. Income Recognition

Income from Non-Performing Assets (NPA) is not recognised on accrual basis but is recognised as income only when it is actually received. Therefore, the Company should not charge and take to income account interest on any NPA.

Fees and commissions earned by the Company as a result of re-negotiations or rescheduling of outstanding debts should be recognised on an accrual basis over the period of time covered by the re-negotiated or rescheduled extension of credit.

4.1.  Reversal of Income 

For advances which become NPA, the entire accrued interest which has been credited to income account in the past periods, shall be reversed if the same is not realised.

Fees, commission and similar income that have accrued to NPAs shall cease to accrue in the current period and reversed with respect to past periods, if uncollected.

Passing of entries for reversal of interest is to be done only for those accounts, which have been identified as fresh NPAs.

4.2.  Appropriation of recovery in NPAs

Interest realised on NPAs may be taken to income account if the credits in the accounts towards interest are not out of fresh/ additional credit facilities sanctioned to the borrower concerned.

In the absence of any specific agreement between the Company and the borrower, any recoveries in NPA shall be first adjusted towards the the unpaid principal and residual amount, if any, shall be adjusted towards unrealized interest/charges. This appropriation logic requires a change to the platform and hence will be effective only once the necessary changes are made on the platform. Until then, appropriation logic used will be as earlier - first adjust to unrealized interest / charges and then the residual amount, if any, will be adjusted to the principal.

4.3.  Recoveries in Compromise Settlements 

Recoveries in NPA accounts in which compromise is accepted and the compromise amount is less than or equivalent to the real account balance, shall be adjusted to the real account balance only.

For NPA accounts in which compromise is accepted and the compromise amount is more than the real account balance, recovery over and above the real account balance shall be credited to P&L interest on Loans. Company shall ensure that compromise settlement is accepted as a last resort for recovery. It shall not be encouraged as a common practice. Approval from designated authorities shall be reckoned for all such settlements.

5. Asset Classification 

Non-Performing Assets

An asset becomes non-performing when it ceases to generate income for the Company. A "Non-performing Asset" (NPA) is a loan or an advance where, interest and/or instalment of principal remain overdue for a period of 90 days or more.

All accounts classified as Non-performing Assets are further classified into following three categories based on the period for which the asset has remained non-performing and the realisability of the dues:

• (i) Sub-standard Assets
• (ii) Doubtful Assets
• (iii) Loss Assets

Sub-standard Assets

A Substandard asset would be one,

• (i) which has remained NPA for a period less than or equal to 12 months. Such an asset will have well defined credit weaknesses that jeopardize the liquidation of the debt and are characterised by the distinct possibility that the Company will sustain some loss, if deficiencies are not corrected.
• (ii) an asset where the terms of the agreement regarding interest and/ or principal have been renegotiated or rescheduled or restructured after commencement of operations, until the expiry of one year of satisfactory performance under the renegotiated or rescheduled or restructured terms.

Doubtful Assets 

An asset would be classified as doubtful if it has remained in the Sub-standard category for a period more than 12 months. A loan classified as doubtful has all the weaknesses inherent in assets that were classified as sub-standard, with the added characteristic that the weaknesses make collection or liquidation in full, – on the basis of currently known facts, conditions and values – highly questionable and improbable.

Loss Assets

A loss asset is one where loss has been identified by the Company or internal or external auditors or the RBI inspection, but the amount has not been written off wholly. In other words, such an asset is considered un-collectable and of such little value that its continuance as a bankable asset is not warranted although there may be some salvage or recovery value.

Loan accounts classified as NPAs may be upgraded as ‘standard’ asset only if entire arrears of interest and principal are paid by the borrower. In case of borrowers having more than one credit facility, loan accounts shall be upgraded from NPA to standard asset category only upon repayment of entire arrears of interest and principal pertaining to all the credit facilities.

6. Provisioning requirements 

In conformity with the prudential norms, provisions should be made on the non-performing assets on the basis of classification of assets into prescribed categories. Taking into account the time lag between an account becoming doubtful of recovery and its recognition as such the Company should make provision against sub-standard assets, doubtful assets and loss assets as below:

6.1  Standard Assets 

Company shall make a provision of 0.40% of the outstanding Standard Assets which shall not be reckoned for arriving at NPAs. The provision towards standard assets should not be netted from gross advances but shall be shown separately as ‘Contingent Provisions against Standard Assets’ in the balance sheet.

6.2  Sub-standard assets

Company shall make a general provision of 10% of total outstanding of these assets.

6.3  Doubtful Assets

Company shall make a provision of 100% of the extent to which the advance is not covered by the realisable value of the security to which the Company has a valid recourse, and the realisable value is estimated on a realistic basis. 

6.4  LLoss Asset

Loss asset should be written off. If the loss assets are permitted to remain in the books for any reason, 100% of the outstanding should be provided for.

Additional provisions may be taken for certain loan accounts on the recommendations of the collections team based on their assessment of the collectability of the loan account.

7. Write Offs

All possible means of recovery of due amounts should be made prior to recommendation to write off the amount from the books of the Company. Waiver of legal action can be recommended only for cases where the management is satisfied that the borrower has no tangible security or attachable assets, has no adequate income for repayment and no useful purpose will be served by resorting to legal recourse.

Guidelines for write off recommendation:

• a) Cases beyond 180 DPD should be recommended for write-off unless there is a reasonable indication that recovery is possible from the loan account
• b) Cases between 90 DPD and 180 DPD can also be recommended for write offs in cases where (i) there is adequate indication that there is very little possibility of recovery from the loan account or (ii) there is adequate loss guarantee available to be invoked against the loans which are between 90 and 180 DPD
• c) In cases of death, account may be written off prior to 90 DPD
• Approvals for all write offs should be taken as per the approval matrix laid out in the Credit Committee Terms of Reference.
• Any recoveries from the written off loan will be entered in the system towards repayment of the borrower and the same shall be reduced from the written off amount

8. Reporting Requirement & Disclosures 

The Company shall disclose in their Annual Financial Statement:

(i) NPAs and movement of NPAs

(ii) Provision for NPA

(iii) Product wise NPA

(iv) Concentration of NPA i.e. total exposure to top four NPA accounts.

• The Company shall identify incipient stress in the account by creating a sub-asset category viz. 'Special Mention Accounts' (SMA) as outlined below: 

(i) SMA-0: Principal or interest payment not overdue for more than 30 days but account showing signs of incipient stress

(ii) SMA-1: Principal or interest payment overdue between 31-60 days

(iii) SMA-2: Principal or interest payment overdue between 61-90 days

The Company will report to the Central Repository of Information on Large Credits (CRILC) data on all borrowers' credit exposures including SMA categorized accounts having aggregate fund-based and non-fund based exposure of INR 50 million and above.

9. Regulatory Reference

This policy is framed as per the following regulatory references and in accordance with leading industry practice:

Master Direction – Reserve Bank of India (Non-Banking Financial Company – Scale Based Regulation) Directions, 2023.

10. Policy Review and Updates 

The Policy shall be reviewed as and when required or at least once in a year, to suit the needs of the Company with the approval of the board and to comply with revised guidelines issued by RBI from time to time.

• (i) Drafted on behalf of the Company by: Mr. Nagaraj Subrahmanya, CRO
• (ii) Internally reviewed by: Mr. Rahul Gupta, CEO
• (iii) Approved by the Board of the Company on: October 30, 2017, Revision 1 on: March 13, 2023 and Revision 2 on: November 12, 2024

This revised Policy comes into effect from date of approval of the Board.

PURPOSE: 

The purpose of the Credit Committee is to assist the Board of Directors and Senior Management Team in fulfilling its responsibilities by providing oversight of Company policies and management activities relating to the identification, assessment, measurement, monitoring, and management of the Company’s credit risk.

The Avanti Credit Committee (CC) shall have all the Senior Management Team (SMT) being part of the same. This consists of Chief Executive Officer (CEO), Chief Risk Officer (CRO), Chief Operating Officer (COO), Chief of Partnerships (COP) and Chief Product Officer (CPO). The CC may invite other members of the Avanti team or advisers by invitation.

All partner onboarding and disbursements (including credit policy & pricing changes) will have to be approved by the CC. In addition to the above, only material events/programs shall be tabled to the CC. Other policy matters may also be tabled by any functional leader on items such as liquidity, capital allocation, significant investments, partner updates, external risks, data security etc. In some matters, the CC may also be used for circulations and noting purpose only as a functional leader may have brought an item to resolution via prior discussions.

The CC will evaluate proposed material changes to Avanti's risk profile or risk appetite arising from planned new or increased business and/or the risks associated with entry into relationships, programs and/or geographical areas

Portfolio management:

The CC, with a minimum quorum of 4 members, CRO mandatory, will  review the company’s portfolio quality, discuss key issues and propose any remedial actions where required in a monthly CC Meeting for Portfolio Quality Review (PQR).

This review will cover

• i) Portfolio Trends
• ii) Delinquency Trends & Collections efficiency
• iii) Customer account management
• iv) Policy matters relating to

1. Delinquency and aging of accounts on system
2. Provisioning and Write-offs
3. Forbearance and restructuring

v) Operating Risk e.g concentration risk, partner issues etc

vi) Fraud incidents

vii) Industry trends

viii) Any other items / policies which have an impact on the financials of the company based on portfolio credit quality

New Product Introduction (NPI) and product changes

All NPI’s e.g., new insurance products for customers or changes to the product structures (including credit policy & pricing changes) will need approval from the CC

QUORUM:

The quorum for the CC will be a minimum of three out of the five members being present with CRO's presence being mandatory. All         members will try and be present for the meeting. The CRO shall chair the meeting. Any matter shall be deemed passed subject to the majority of the members being in favour of the motion. In the event that there being a tie, the chair shall have the deciding vote.

The Company Secretary shall be the secretary for the meeting and shall be the custodian of the proceedings of the meeting.

Delegation of Approvals Matrix

Sanctions

The operating principle of the delegation of approvals from an execution standpoint would be to have 80%+ of all credit decisions being managed between Partnerships, Operations and Risk. In line with the operating principle, the following is the approval matrix:

• A) FPO/Institutional Loans:
• i)  New Entities:

1. Upto INR 2Cr -  CRO plus 1 SMT (maker, checker)
2. INR 2 – 10 Cr –  CRO, 1 SMT and CEO
3. Above INR 10 Cr -  CRO, 1 SMT, CEO & 1 Board Member
   

ii)  Renewals: 

1. Upto INR 5Cr - CRO + 1 SMT member.
   

1. INR 5 – 20Cr – CRO, 1 SMT and CEO
2. Above INR 20Cr - CRO, 1 SMT and CEO + 1 Board Member

As a matter of good principle and leadership visibility, all new FPO/Institutional onboarding should be tabled at Leadership meeting or via written circulation prior to disbursement

B) Retail Loans: 

All members of the SMT have the delegation to approve all retail loans.

In case of delegations to be provided to additional personnel, the CRO + 1 SMT may authorise the same. This should be after careful consideration and taking into account the knowledge & training of the candidate

Note: Not more than 2 approvals in a year for any partner by the same committee. If more than 2 approvals, then approval will be required by the next higher approval authority

Partner Exposure / Reviews:

Max AUM limit by partner: 250 Cr

Detailed review with RMC of all partners with exposure > 100 Cr on a quarterly basis

Max AUM concentration by partner: 15%

Max AUM concentration by state: 20%

WriteOffs

‍

Fraud 

‍

The Committee shall review and assess the adequacy of this Charter bi-annually. The Committee may recommend amendments to this Charter based on internal or external requirements, at any time with documentation of the reasons.

Record of updates:

This TOR was:

(i) drafted on behalf of the Company by: Nagaraj Subrahmanya, CRO

(ii) internally reviewed by: Rahul Gupta, CEO

(iii) last update by the Board of the Company on: March 13, 2023

(iv) approved by the Board of the Company on: April 29, 2024

This TOR comes into effect immediately on the above date of approval.

1. Introduction

Avanti Finance Private Limited (hereinafter referred to as ‘the Company’) has framed the Credit risk Management policy (hereinafter referred to as “Policy”) to set out the guidelines, principles and approach to manage credit risks for the Company and put in place a framework to identify, assess, measure, monitor and control credit risks in a timely and effective manner.

‍

2. Objectives of the Policy 

The key objectives of the Policy are as under:

The Policy has been designed to achieve the following key objectives:

(i) Establish a governance framework to ensure an effective oversight, segregation of duties, monitoring and management of credit risk in the Company.

(ii) Lay down guiding principles for setting up & monitoring of the credit risk appetite & limits.

(iii) Establish standards to facilitate effective identification and assessment of credit risks in the Company enabled by the internal credit scoring framework.

(iv) Establish standards for effective measurement and monitoring of credit risk.

(v) Achieve a well-diversified portfolio enabled by concentration risk management and maintaining credit risk exposures within established credit limits.

(vi) Establish principles for credit risk stress testing for securitisation arrangement and portfolio purchased by the company.

(vii) Enable monitoring of credit risk by way of Early Warning Signals (EWS).

(viii) Adhere to the guidelines/policies related to credit risk management, as issued by the Reserve Bank of India (RBI) from time to time.

‍

3. Scope

This aims at outlining the Company’s credit risk management framework and establishing the guidelines for offering the products i.e. Line of Credit, Personal Loan and Farmer Financing products for credit risk mitigation purposes.

The Company will also have its own benchmark rate which shall be determined on the basis of considering the average cost of funds including administrative cost and average return on net worth which the risk management committee/department and finance department will determine / review on quarterly basis.

‍

4. Credit Risk Governance Framework 

The credit risk governance framework establishes the responsibility and approach through which the Board of Directors and the management functions (i.e., Business, Risk, Internal Audit functions) of the Company govern credit risk management issues. An effective governance framework ensures the independence of the credit risk function (i.e., risk managing function) from the business function (i.e., risk taking function). Through an effective Board-approved credit risk governance framework, the Company seeks to ensure adequate risk oversight, monitoring and control of credit risks.

The Company has set out the following governance structure and corresponding roles and responsibilities for the effective management of credit risk.

4.1. Governance Structure 

The credit risk governance framework is designed with consideration to the following key principles:

(i) Risk Management department will take the risk, manage the risk, will do the risk reporting and analysis, and will be responsible for implementing corrective actions to address process and control deficiencies. Board of Directors will provide policy guidance and recommendations.

(ii) Risk Management Department shall retain accountability for managing the credit risks.

(iii) The governance structure shall promote transparency, accountability, communication and flow of information.

(iv) The Board would be responsible for firm-wide credit risk management.

(v) Senior management understands all the products / activities of the Company giving rise to credit risk and understands the basis of the credit risk management framework.

(vi) The Company has staff with sufficient expertise and appropriate skill sets to perform risk management tasks and is supported by appropriate tools and technology.

(vii) All material credit risks are identified and measured, exposures are aggregated and management attends to the risky exposures.

Based on the above guiding principles, the credit risk governance framework of the Company comprises of the following:

(a) Board of Directors (“BoD”)

(b) Risk Management Committee (“RMC”)

4.2. Board of Directors

The Board of Directors (“Board”) of the Company is responsible for providing oversight for overall credit risk management at the Company. The key responsibilities of the Board relating to credit risk management include:

(i) Approving and periodically reviewing the business and credit risk management strategy and the credit risk appetite.

(ii) Approving the credit risk management policy and framework as required.

(iii) Ensuring the establishment of a robust credit risk management culture by delegating responsibilities for key decision making and controls to appropriate management authorities.

(iv) Assessing the adequacy of capital needed to support business activities undertaken by the Company.

(v) Provide adequate supervision for the decisions taken by the delegated authority.

4.3. Risk Management Committee 

The Risk Management Committee is a committee of the Board of the Company. The key responsibilities of the Risk Management Committee relating to credit risk management include:

(i) Ensure implementation of credit risk policy and strategy approved by the Board.

(ii) Monitor quality of loan portfolio at periodic intervals, identifying problem areas and issuing directions for rectifying deficiencies.

(iii) Monitor credit risks on the Company-wide basis and ensuring compliance with the approved risk parameters/ prudential limits and monitor risk concentrations including geographic exposures as per Credit Concentration Risk norms;

(iv) Incorporate regulatory compliance in the Company’s policies and guidelines in regard to credit risk;

(v) Review the use of internal risk rating systems for business and risk management purposes and placing recommendations before the Board;

(vi) Bring to the attention of Board material issues for information / recommendation / approval; and

(vii) Review and approve the credit risk stress testing scenarios, results and analysis.

‍

5. Products

The Company intends to offer following products to customer including but not limited to:

(i) Term Loans for meeting working capital / project funding to organisations

(ii) Individual loans, specifically:

(a) Livelihood Loans

(b) Microfinance Loans

(c) Agriculture and Livestock Loans

(d) Personal Loans

(e) Medical, education and Emergency Loans

‍

6. Portfolio Monitoring

6.1 Portfolio Trigger

(a) This will be managed and monitored by Risk Management Department.

(b) Trigger will be implemented based on criteria such as Delinquency at a partner level exceeds 5% of the total loan disbursed and other criteria as defined by the Risk Management department.

6.2 Process of visiting delinquent customers

(i) Delinquent customers are visited as part of the regular monitoring and the reasons for delinquency is evaluated.  .

(ii) After visits, reports are submitted to the Risk team in standard format and concluded within 15 working days.

‍

7. Policy Review and Updates 

This Policy represents the minimum standards for credit risk management and is not a substitute for experience, common sense and good judgment. Given that the Credit Risk Management Policy is to be flexible and responsive to changing market and regulatory conditions, it will be reviewed by the Chief Risk Officer (CRO) from time to time and any revisions will be updated at least annually or as necessary. In the event that clarification on interpretation is required, consultation must first be sought from the risk function.

The Policy shall be approved by the Board of Directors and put up for review to the Risk Management Committee at least annually.

‍

8. Regulatory References

Master Direction- Reserve Bank of India (Non-Banking Financial Company- Scale Based Regulation) Directions, 2023.

‍

9. Key Definitions

(i) Credit Risk: Credit risk is defined as the possibility of losses associated with diminution in the credit quality of borrowers or counterparties. In the Company’s portfolio, losses stem from outright default due to inability or unwillingness of a borrower to meet commitments in relation to settlement.

(ii) Borrower: Borrower is defined as any entity or individual that the Company has credit exposure to.

(iii) Exposure: Exposure will include credit exposure to partners or organizations (B2B loans). The sanctioned limits or outstanding to partners or organizations (B2B loans), whichever are higher, shall be reckoned for arriving at the exposure limit.

(iv) Credit Score: Credit score is a numeric value derived using product-specific scorecards (generally referred to as credit scorecards), that determine the riskiness of a borrower application for a particular asset product. The credit score generally considers credit history, income characteristics, borrower capacity to pay as well as product-specific characteristics. The score cards wherever used, will be developed, validated and approved by designated authorities and assignment of scores to credit applicants/loan accounts will be automated.

(v) Credit Concentration Risk: Risk concentration refers to the risk that any single exposure or group of correlated exposures (within the same activity / industry / geography / any other segment) which may potentially produce losses large enough (relative to the Company’s capital, totals assets, or overall risk level) to threaten Company’s health or ability to maintain its core operations. To mitigate these risks, there are state-wise exposure limits based on a percentage to the total loans given by the Company and others as may be decided by the company.

(vi) Early Warning Signals: Early warning signals help in early identification and reporting of problem accounts and is the first step towards containing slippages and minimising the risk of loss. Borrowers could be identified as weak on the occurrence of various triggers relating to performance on existing loan account or any other factors that may negatively affect the repayment behaviour of the borrower.

‍

10. Policy Review and Updates

The implementation of this Policy shall be monitored and reviewed periodically by the Board of the Company.

This Policy was:

(i) Drafted on behalf of the Company by: Mr. Nagaraj Subrahmanya, CRO

(ii) Internally reviewed by: Mr. Rahul Gupta, CEO

(iii) Approved by the Board of the Company on: October 30, 2017, Revision 1 on September 30, 2022, Revision 2 on: March 13, 2023, Revision 3 on: December 19, 2024.

This revised Policy comes into effect from date of approval of the Board.

1. Introduction  

RBI notified the updated Master Directions on Information Technology Governance, Risk, Controls and Assurance Practices (“Master Directions”) on 7th November 2023, aimed at a consolidated framework across regulated entities in relation to IT governance and  processes. One of the key guidelines provides for governance structure as summarized below:

I. Board of Directors (“Board”): Approval of strategies and policies related to IT function;

II. IT Strategy Committee: Ensure that a robust IT strategic plan is adopted by the Company;

III. IT Steering Committee: Assists the IT Strategy Committee in strategic IT planning and ensures that the measures taken under such planning is implemented across various functions / departments of the Company;

Chief Information Security Officer (CISO): A member of the senior management of the Company specifically appointed to drive cyber security strategy and ensure compliance with regulatory instructions

Avanti Finance Private Limited (hereinafter referred to as ‘the Company’) has adopted the Information Technology Policy (hereafter referred to as “Information Technology Policy” or “the  Policy”) in accordance with statutory and regulatory requirements as applicable.

1. Purpose

The Company has laid down an IT Policy to:

1. Govern operations of the IT function while aligning to the business strategy and relevant industry best practices/standards;
2. Ensure compliance to all relevant statutory and regulatory requirements that are  applicable to the IT function.

2. Applicability

1. This policy is managed by the IT Strategy Committee (ITSC) of the Company.
2. The IT policies in this document will be followed by all IT and relevant business personnel as applicable.

3. Document Maintenance and Distribution

1. The IT Strategy Committee will review the information technology process  and policy framework at least annually.
2. It is the responsibility of the IT Strategy Committee to monitor, initiate and obtain relevant approvals for  any changes/revisions required to this document.
3. All editions of this policy will be version controlled.
4. The IT Strategy Committee is responsible for distributing approved revisions of the document to concerned stakeholders.

4. Waiver/Exception  

Waivers to the IT policy and guidelines in this document will be formally submitted to the  IT Strategy Committee, including justification and benefits attributed to the waiver, and it will be  approved by the IT Strategy Committee where the waiver is deemed fit for business considerations. The waiver will only be used in exceptional situations when communicating any non-compliance with the IT policy and guidelines for a specific case/period of time. At the completion of the case/time period, the need for the waiver will be reassessed and re-approved by the IT Strategy Committee, if necessary.

The waiver will be monitored by the IT Strategy Committee to ensure its concurrence with the specified period of time and exception.

5. IT Organization Structure & Governance  

IT Strategy Committee is responsible for owning and delivering IT services in accordance with business objectives. IT Strategy Committee will be responsible to deliver business expectations. Keeping in view the pervasive nature of technology, it is essential that business stakeholders have appropriate involvement in making key technology decisions.

IT Strategy Committee shall develop and maintain an organizational structure reflecting business and technology needs of the company. IT Strategy Committee will establish and communicate the IT-related roles and clearly define responsibilities and accountability.

The organization structure will be established taking into consideration the following:

1. Resources required for the execution of the IT strategy

2. Key Stakeholders

3. Communication needs

4. Any applicable statutory and regulatory requirements

‍

2. Project Management

a. A detailed project plan covering the business case for system acquisition/development will be developed for all projects as deemed necessary by the IT Strategy Committee and will include the cost-benefit analysis, success criteria, risk management, funding and resource requirements.

b. Specific risks associated with individual projects will be treated through a systematic process of planning, identifying, analyzing, responding to, monitoring and controlling the areas or events that have the potential to cause unwanted change.

c. Accountability for achieving the benefits, controlling the costs, managing the risks, and coordinating the activities and interdependencies of multiple projects will be clearly and unambiguously documented, assigned and monitored. Where accountability is assigned,  accountability will be accepted and sufficient authority will be assigned.

d. The responsibilities, relationships, authorities and performance criteria of project team members, and sponsors will be defined.

e. Periodic monitoring of the project's progress will be carried out by the IT Strategy Committee and timely remedial actions will be taken in case of delays.

‍

3. IT Strategy

IT Strategy Committee:

1. Will consider the current organization's environment, business processes and future  objectives to arrive at the conclusion for the direction of the IT strategy.  

2. Will understand the business strategy of the Company and develop an IT strategy  which aligns with the business strategy and objectives, and this will be reviewed at least once a year.

3. Will also consider any criteria that are based on industry factors, applicable legal and regulatory requirements.

‍

4. IT Budgeting

a. IT investment requirements in support of business/IT strategy will be identified,  categorized, prioritized, and agreed upon.  

b. IT investment programs will specify the following: 

1. The business benefit expected and performance to be achieved  
2. The method for measuring outcomes  
3. Accountability for achieving the outcomes
4. The expected delivery schedule for each outcome

c. A decision-making process will be followed to prioritize the allocation of IT resources for operations, projects and maintenance to optimize the return on the enterprise’s portfolio of  IT investment programs and other IT services and assets.  

d. Costs incurred by IT will be identified along with their allocation across the IT budget and projects.  

e. A formal IT budget will be defined and implemented.  

f. The relevant costs and benefits for IT investments will be reviewed and approved by the Board.

g. Variances between budgeted and actual costs will be analyzed and reported to relevant stakeholders by the Finance Team.

h. Monitoring and reporting costs against the budget and managing costs will be done through the yearly review and the budget utilization report will be maintained by the Finance Team.

‍

5. IT Resource Management

The Company will maintain and annually review an inventory for all IT assets including but not limited to hardware and software.  

Performance of critical IT systems/Infrastructure along with IT partners’ service level performance will be monitored periodically by the IT Strategy Committee.  

‍

6. IT Operations

IT Strategy Committee:

1. Will manage appropriate processes and activities required to deliver the IT strategy and ensure that it adds value to the organization’s IT requirements.  

2. Will develop procedures and standards/guidelines as necessary to support its endeavour in implementing the information systems.  

3. Recognize the maker-checker concept to reduce the risk of error and misuse and to ensure reliability of data/information.  

4. Will enable the provision of system-generated reports for the  management team summarizing financial position including operating and non-operating revenues and expenses, cost-benefit analysis of segments/verticals, cost of funds, etc.

5. Conduct a gap analysis exercise once a year against the current statutory/regulatory requirements as necessary to formulate and implement an appropriate remediation plan.

6. Will manage the following under IT operations (including but not limited to the following):  

a. IT asset/ Equipment management & configuration  

b. Backup and restoration  

c. Network Management  

d. Change & Release management  

e. Define & manage IT third-party services  

f. System and Software development  

g. Database implementation and support  

h. Access Control  

i. Manage problems and IT events and incidents  

j. Filing of regulatory returns to RBI (where applicable)

‍

7. IT Risk Management

IT Operations and business risks will be managed during the project lifecycle by the IT Steering Committee  and relevant business heads. Also, the IT Steering Committee will lay down procedures for the assessment and treatment of IT risks and drive the annual IT risk assessments with the involvement of relevant stakeholders from business functions.

‍

8. IT  Security Management 

1. Purpose

The broad purpose of IT security management shall be to respond to security incidents within agreed timelines and mitigate any damage from security incidents (Cybersecurity Events). Additionally, the following goals are also sought to be addressed herein:  

1. To set up a channel for quick reporting of Cybersecurity Events and make employees aware of the point of contact for reporting incidents;  

2. To set up an internal team to correct or recover from the incident based on agreed parameters; and

3. Ensure that event reporting and escalation procedures are in place;  

The steps outlined herein apply to all systems, people and processes that constitute the organization’s information systems, including board members, directors, employees, other third  parties who have access to services systems of Company (for the purpose of this Section 8,  the aforementioned personnel shall be referred to as “Personnel”).  

The approved Information Security (IS) policy of the organization will be followed and implemented with necessary controls which are defined by the Information Security Committee (ISC) along with CISO.

‍

2. Reporting Procedure

Personnel can report Cybersecurity Events by any of the following means:  

1. Sending mail to isms@avantifinance.in  

2. Call the helpdesk at 080-41689310 in case the incident requires immediate attention.  

Personnel should make sure that any Cybersecurity Event, even if it is of a minor nature, is not left unreported, as it may cause harm if left unattended over a period of time.  

As an indicative illustrative list of what may constitute a Cybersecurity Event, the following may be referred:  

1. Virus attack  

2. Denial of Service  

3. Unauthorized access  

4. Modification of information/data  

5. Compromise of user/Personally identifiable information (PII) data

6. Loss of sensitive information  

7. Misuse of information & computing resources  

8. Incidents related to physical security such as but not limited to, laptop lost, unauthorized entry into premises, assault, etc.

3. Response Procedure  

Upon reporting a Cybersecurity Event, the IT Steering Committee may record the details and further delegate  the response (with regard to the severity of the reported incident) to any authorized personnel  in this regard. In any case, the following information shall be recorded:

1. Date and time of the incident;  
2. Location of the incident;  
3. Type of incident (securitybreach/weakness/malfunction);  
4. Brief description of the incident;  
5. Name and designation of the personreporting the incident;  
6. Name and designation of the personreceiving the report of the incident;  
7. Name and designation of a person to whomany task with respect to investigation or otherwise is delegated;  
8. Identification of the root cause of theincident;
9. Action taken by the person authorized to doso;
10. The Root cause analysis to developpreventive approaches to avoid similar incidents; and  
11. Close date in respect of the incident.  

Conduct an awareness programme for employees and other related stakeholders about Information Security and incident management on a quarterly basis. This shall be delivered either digitally or physically.

9. Information Security Committee (ISC)

The ISC is established under the oversight of the IT Strategy Committee (ITSC) to ensure the effective management of cyber and information security within the organization. The ISC is responsible for overseeing security initiatives, ensuring compliance with regulatory requirements, and mitigating cybersecurity risks in alignment with the organization's risk appetite. For a detailed structure and operational framework of the ISC, refer to the ISC Charter.

‍

10. Appointment and Responsibilities of CISO

The Chief Information Security Officer (CISO) is responsible for articulating the IS Policy that the Company uses to protect the information assets apart from coordinating the security related issues within the Company as well as relevant external agencies.

Responsibilities of CISO:

a. The CISO is responsible for driving cyber security strategy and ensuring compliance to the extant regulatory/ statutory instructions on information / cyber security.

b. The CISO is responsible for enforcing the policies that Company uses to protect its information assets apart from coordinating information/ cyber security related issues within the Company as well as with relevant external agencies.

c. The CISO is a permanent invitee to the ITSC and IT Steering Committee.

d. The CISO’s office manage and monitor Security Operations Centre (SOC) and drive cyber security related projects.

e. The CISO’s office ensures effective functioning of the security solutions deployed.

f. The CISO shall directly report to the CEO or CRO of the Company; and

g. CISO reviews the cyber security risks/ arrangements/ preparedness of the Company before the Board/ ITSC on a quarterly basis.

h. Reporting to CERT-In:  

On the occurrence of any Cybersecurity Event, the Company shall as soon as possible, through the CRO, report such event to the Computer Emergency Response Team of India (CERT-In) in accordance with the Information Technology (Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013.

i. Establish and maintain security policies and standards for the organization to follow.

j. Directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology risks.  

k. Ensure that disaster recovery and business continuity plans are in place and tested.  

l. Arrange for backup of data with periodic testing.  

m. Enable independent investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.  

n. Maintain a current understanding of the IT threat landscape for the industry.  

o. Ensure compliance with the changing laws and applicable regulations, and translate that knowledge to the identification of risks and actionable plans to protect the business.  

p. Schedule periodic security audits internally.  

q. Provide training and mentoring to security team members.

r. On reporting of a Cybersecurity Event, CISO may initiate action by directing any authorized personnel or set of such personnel to respond, correct and prevent similar incidents in future. A detailed report of the critical incident will be made by the CISO.

11. Change and Patch Management

4. All proposals for new features and/or changes to IT systems will go through a systematic approval process which includes cost benefit analysis of the change, risk assessment of the proposed changes and monitoring plan for the proposed changes. In addition, the Company will evaluate all changes in a test environment first prior to  taking it live. The Company governs this process through the Board approved Change Management policy of the organization.

‍

12. Data Migration Policy

5. In instances where there is a need for Data Migration, the detailed rationale, process and monitoring plan for the same will be presented to the IT Strategy Committee for approval prior to implementation. The CISO will be responsible for the execution of the data migration and will report back to the IT Strategy Committee once the migration is completed

‍

13. Digital Signatures

When using digital signatures, the Company endeavors to use such Digital signatures to protect  the authenticity and integrity of important electronic documents and also for high value fund transfer.

‍

14. Mobile Financial Services  

The Company shall develop mechanisms for safeguarding information assets that are used by mobile  applications to provide services to customers. The technology used for mobile services should  ensure confidentiality, integrity, authenticity and must provide for end-to-end encryption.

‍

15. Use of social media  

Where the Company uses any relevant social media to market its products, Company shall ensure that its social media accounts(s) are safeguarded with proper controls such as encryption and secure connections to prevent risks such as account takeover and/or malware attack / disruption.

‍

16. Password Policy

Passwords are an important aspect of IT security. A poorly chosen password may result in unauthorized access and/or exploitation of the resources of the Company. This section details the standard for the creation, maintenance and change cycle for strong passwords. All users, including employees, contractors, vendors and all other stakeholders with access to systems of the Company are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.  

b. Password Construction  

Strong passwords have the following characteristics:  

1. Contain at least three of the five following character classes:  

2. Lowercase characters  

3. Upper case characters  

4. Numbers  

5. Punctuation  

6. “Special” characters (for example: @#$%^&*()_+|~-=\`{}[]:";'<>/, etc.)  

7. Contain at least 8 alphanumeric characters.  

c. Password Protection Standards  

a) Change cycle:  

(i) All cloud service management passwords must be changed at least once every 90 days.  

(ii) All administrative passwords for the platform must be changed at least once every 180 days.  

(iii) All user-level passwords (e.g., email, web, desktop computer, etc.) must be changed at least once every 365 days.

b) Personnel shall use different passwords for official and personal accounts.  

c) Personnel shall not share official passwords with anyone.  

d) Passwords should never be written down or stored online without encryption.  

e) Personnel shall not reveal their password in email, chat, or other electronic communication;  or speak about a password in front of others.  

f) If someone demands a password, refer them to this document and direct them to the CRO.  

g) Passwords should be changed immediately in case of password leakage is noticed or suspected.  

h) If an account or password compromise is suspected, report the incident to isms@avantifinance.in.

17. Business Continuity

Company shall ensure that:  

1. It identifies critical business verticals, locations and shared resources to come up with the detailed business impact analysis. Due regard shall be given to account for any impact of any unforeseen natural or man-made disasters on the Company’s business;  

2. It understands the vulnerabilities associated with interrelationships between various  systems, departments and business processes. It shall endeavor to come up with the probabilities of various failure scenarios and evaluate various options for recovery and  minimization of losses in case of a disaster;  

3. It considers the need to put in place necessary backup sites for its critical business systems and data centres; and  

4. It tests the business continuity plan annually as well as when significant IT or business changes take place.  

5. Review cloud service arrangements and SLA for business continuity once every six months.

IT Steering Committee will approve and oversee the annual business continuity plan strategy and road map. Business continuity plans are reviewed and maintained periodically to  incorporate any significant changes to process, human resources and technology. The Company’s business continuity plan is in line with the guidelines issued by RBI and is subject to annual review by the Board of Directors.  

Company understands the environment in which it operates in and the associated risks, hence the Company has developed and implemented business recovery strategies and  infrastructure to ensure recovery and continuity of critical IT operations as per agreed  timelines and acceptable service levels. The plan is designed to facilitate the continuity of the critical business processes in the event of defined disaster scenarios. The same is tested  periodically to address any gaps.  

In a significant disruption scenario: During a significant disruption or a disaster, if a  customer’s usual access to Company’s services is affected, the customer may connect with the Company through its customer care number (1800-3095021). Customer care number of the Company is published on the Company's website. If a customer is not able to contact the company through its customer care number, customer could visit its website at www.avantifinance.in and send queries/complaints/requests through online contact links published on the website

‍

18. Value Delivery

a. Value delivery will be an integral form of IT service delivery to the organization.  

b. Business functions will be able to register formal service complaints to be addressed to the IT team.  
c. All service complaints will be recorded by IT, investigated, addressed, reported and formally closed.  

h. Business functions will be able to escalate cases wherein a complaint is not resolved by  IT as per the agreed service levels.  

d. Satisfaction of business needs and managing the business relationships will be the responsibility of the COO within the applicable business constraints.

e. Measures will be put in place to satisfy business needs and actions for improvement will be identified, recorded and updated in a continual service improvement plan

‍

19. IT Compliance and Audit

1. Compliance  

Compliance functions include the following: Evaluate, define the compliance parameters based on internal and regulatory requirements, assess the reported observations, recommendations and perform timely corrective actions to ensure compliance to  identified requirements.  

2. Information System (IS) Audit  

Auditing of Information Systems will take into consideration the risks and the impacts on all the in-scope systems (e.g. potential for disruption). The Information systems will be audited at least once a year. Auditing requirements will include: 

1. Audit requirements for access to systems and data should be agreed with appropriate management;  
2. Computer Assisted Auditing Techniques (CAATs) will be used wherever feasible;  
3. The scope of technical audit tests should be agreed and controlled;  
4. Audit tests should be limited to read-only access to software and data requirements for special or additional processing should be identified and  agreed; audit tests that could affect system availability should be run outside business hours;  
5. All access should be monitored and logged to produce a reference trail.

The findings of the audit shall be shared with each relevant stakeholder for remedial action or an adequate management response. Audit Committee of the Board shall review the progress and action taken on the audit findings during their quarterly review.

‍

20. Regulatory reference

This policy is framed as per the following regulatory references and in accordance with leading industry practice:

Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, 2023

‍

21. Policy Review updated

This Policy shall be reviewed by the Board of the Company, and shall be reviewed at least once a year. Reviews shall also account for any significant business changes and/or any regulatory requirements.

1. BACKGROUND

The Reserve Bank of India has notified Master Directions - Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021 (“Directions”). In line with the Directions and as a matter of good governance, Avanti Finance Private Limited (hereinafter referred to as “Company” which term includes its successors and assigns) has sought to adopt this policy towards undertaking securitisation transactions.

‍

2. KEY DEFINITIONS AS PER THE DIRECTIONS

“securitisation” means a structure where a pool of assets is transferred by an originator to a SPE and the cash flow from this pool of assets is used to service securitisation exposures of at least two different tranches reflecting different degrees of credit risk, where payments to the investors depend upon the performance of the specified underlying exposures, as opposed to being derived from an obligation of the originator;

“securitisation notes” mean securities issued by the special purpose entity as a part of securitisation;

“special purpose entity (SPE)” means a company, trust or other entity organised for a specific purpose, the activities of which are limited to those appropriate to accomplish the purpose of the SPE, and the structure of which is intended to isolate the SPE from the credit risk of an originator. Any reference to SPE also refers to the trust settled or declared by the SPE as a part of the process of securitisation;

“standard assets” means exposures which are not classified as non-performing asset;

"originator" refers to a lender that transfers from its balance sheet a single asset or a pool of assets to an SPE as a part of a securitisation transaction and would include other entities of the consolidated group to which the lender belongs.

Definitions of other terms used in this policy are as stated in the Directions.

‍

3. PERMITTED TRANSFERORS

3.1 Securitisation is permitted to the following entities:

a) Scheduled Commercial Banks;

b) All India Financial Institutions (NABARD, NHB, EXIM Bank, and SIDBI);

c) Small Finance Banks; and

d) All Non-Banking Finance Companies (NBFCs) including Housing Finance Companies (HFCs).

3.2 Permitted Assets

3.2.1 Except as provided under paragraph 3.2.2, all on-balance sheet exposures of originators, which are in the nature of loans and advances and are classified as standard assets, are eligible as underlying assets in a securitisation transaction.

3.2.2 Following exposures shall not be allowed for the purpose of securitisation:

a) Re-securitisation exposures;

b) Structures in which short term instruments such as commercial paper, which are periodically rolled over, are issued against long term assets held by a SPE;

c) Synthetic securitisation;

d) Securitisation with the following assets as underlying:

(i) revolving credit facilities as underlying – these involve underlying exposures where the borrower is permitted to vary the drawn amount and repayments within an agreed limit under a line of credit (e.g. credit card receivables and cash credit facilities);

(ii) Restructured loans and advances which are in the specified period;

(iii) Exposures to other lending institutions;

(iv) Refinance exposures of AIFIs;

(v) Loans with bullet payments of both principal and interest as underlying; and

(vi) Loans with residual maturity of less than 365 days.;

e) subject to Directions, agriculture loan extended to individual where loan tenure is more than 24 months and  up to 24 months but both interest and principal are not due on maturity; and

f) Trade receivables with tenor more than 12 months discounted/purchased by lenders from their borrowers.

‍

4. KEY RESPONSIBILITIES

4.1 Specific responsibility of Originator

4.1.1 The originator i.e., Company, of such securitisation shall have satisfied the Minimum Holding Period requirement as per Clause 39 of the Reserve Bank of India (Transfer of Loan Exposures) Directions, 2021 including the proviso to the above Clause.

4.1.2 Company shall adhere to the requirements of Minimum Retention Requirement (MRR) as provided in the Directions while securitising loans leading to issuance of securitisation notes.

4.1.3 Company would follow stringent underwriting standards. There shall not be any difference in the criteria for credit underwriting applied by the Company on exposures retained on the balance sheet of the Company vis-a-vis exposures securitised.

4.1.4 The total exposure of an originator to the securitisation exposures should be as per Clauses 25, 26 and 27 of the Directions.

4.1.5 The minimum ticket size for issuance of securitisation notes shall be INR 1 crore. Listing  of securitisation notes, especially in respect of certain product class, such as residential mortgage backed securities (RMBS), and/or generally above a certain threshold is recommended, though not mandatory. Any offer of securitisation notes to fifty or more persons in an issuance would be required to be listed as per SEBI Regulations (Issue and Listing of Securitised Debt Instruments and Security Receipts), 2008.

Priorities of payments for all liabilities have to be clearly defined at the time of securitization with full transparency over any changes to the cash flow waterfall, payment profile or priority of payments that might affect a securitisation and all triggers affecting the cash flow waterfall, payment profile or priority of payments of the securitisation should be clearly and fully disclosed in offer documents and in investor reports.

4.1.6 Securitisations featuring a replenishment period shall include provisions for appropriate early amortisation events and/or triggers of termination of the replenishment period and other terms as mentioned in Directions.

4.1.7 Company transferring assets to Special Purpose Entity (SPE) may make representations and warranties concerning those assets and undertake to hold capital against such representations and warranties if any of the conditions referred in Clause 32 of the Directions are not satisfied.

4.1.8 Company may provide supporting facilities such as credit enhancement facilities, liquidity facilities, underwriting facilities and servicing facilities but should be as per conditions outlined in Chapter IV of the Directions.

4.1.9 Company has to maintain capital against the exposures transferred to the SPE, which then forms the underlying for securitisation notes issued by the SPE, i.e., the exposures transferred to the SPE must be included in the calculation of risk-weighted assets of the originator and the consideration received from SPE must be recognised as an advance, unless at least conditions mentioned in Clause 81 of the Directions are satisfied tax and regulation.

4.1.10 The transactions undertaken in terms of the Directions must not contravene the rights of underlying obligors. To ensure compliance with this stipulation, enabling clauses must be included in the contract between Company and servicing agent (if any) and all necessary consent from obligors (including from third parties), where necessary as per the respective contracts, should have been obtained.

4.2 Specific responsibility of Company who is Investor in Securitisation:

4.2.1 Company should invest in securitised notes only if the originator has explicitly disclosed to the purchasing lenders that it has adhered to the MRR and MHP requirements and will adhere to MRR on an ongoing basis, as applicable and advised in the Directions.

4.2.2 Company should be able to access performance information on the underlying pools on an ongoing basis. Such information may include:

(a) the average credit quality through average credit scores,

(b) extent of diversification of the pool of loans,

(c) volatility of the market values of the collaterals supporting the loans,

(d) prepayment rates,

(e) property types,

(f) occupancy, etc.

4.2.3 Company should take note of, analyse and record the following while taking the decision regarding a securitisation exposure:

(a) Reputation of originators,

(b) Loss ratio of originators,

(c) Valuation concept and methodology of collateral;

(d) Disclosures made by the originator.

4.2.4 Company will share with the Board the valuation approach being adopted and the process of credit monitoring proposed before investing in securitisation notes. This will, inter alia, include:

(a) the models used for valuation,

(b) the assumptions underpinning the models, the policy regarding back-testing, and

(c) stress testing the valuation model and its parameters etc.

4.2.5 Company needs to monitor on an ongoing basis and in a timely manner, performance information on the exposures underlying their securitisation positions and take appropriate action, if any, required. Action may include modification to exposure ceilings to certain type of asset class underlying securitisation, modification to ceilings applicable to originators etc.

4.2.6 Company should maintain capital against all securitisation exposure amounts, including those arising from the provision of credit risk mitigants to a securitisation transaction, investments in asset-backed or mortgage-backed securities, retention of a subordinated tranche, and extension of a liquidity facility or credit enhancement.

For the purpose of computing capital to be maintained and the exposure amount, reference may be drawn to Clauses 73 and 74 of the Directions.

For the purpose of calculating capital requirements, in respect of exposures that do not meet the requirements of Chapter IV of the Directions, transferee shall maintain capital charge equal to the actual exposure acquired.

4.2.7 Company should compute risk-weight for rated securitisation exposures via Securitisation External Ratings Based approach (SEC-ERBA), for unrated securitisation exposures, buyer to maintain capital charge equal to the actual exposure. The capital requirement for any securitisation position should not exceed the securitisation exposure amount.

4.2.8 Company should compute risk weight as per external ratings-based approach (SEC- ERBA) will be determined by multiplying securitisation exposure amounts by the appropriate risk weights as determined by Clauses 102 to 104 of Directions for securitisation exposures that are externally rated, provided that the criteria mentioned in Clause 101 of the Directions are met.

4.2.9 The Directions have laid down clear guidelines on derecognition of transferred assets for capital adequacy. Buyer should ensure that originator should satisfy the conditions below in order to achieve de-recognition:

a) Originator should not have any control over the transferred exposures. The originator shall be considered to have retained effective control over the exposures if:

(i) It is able to repurchase the exposures from the SPE in order to realise the benefits,or

(ii) It is obligated to retain the risk of the transferred exposures.

b) Except for clean-up calls, the originator should not be able to repurchase the exposure.

c) The securitisation notes issued by SPE are not obligations of the originator. Thus, the investors who purchase the securitisation notes have a claim only to the underlying exposures.

d) The transferred exposures are legally taken isolated in such a way that they are beyond the reach of the creditors in case of bankruptcy or otherwise.

e) As per the Directions, the holders of the securitisation notes issued by the SPE against the transferred exposures have the right to pledge or trade them without any restriction, unless the restriction is imposed by a statutory or regulatory risk retention requirement.

f) The originators must not be obligated to replace loans in the pool in case of deterioration of the underlying exposures to improve the credit quality.

g) The originator should not be allowed to increase the credit enhancement provided at the inception of the transaction, after its commencement.

h) The securitisation does not contain clauses that increase the yield payable to parties other than the originator such as investors and third-party providers of credit enhancements, in response to a deterioration in the credit quality of the underlying pool.

i) There must be no termination options or triggers to the securitisation exposures except eligible clean-up call options or termination provisions for specific changes in tax and regulation.

4.2.10 Company may invest in such securitised notes where the originator has explicitly disclosed that the applicable provisions of the Reserve Bank of India (Know Your Customer (KYC) Directions, 2016 (as amended from time to time) shall be complied with in all cases.

‍

5. REPORTING RESPONSIBILITY

Company shall submit the details of the securitisation transactions undertaken, including the details of the securitisation notes issued, to the Reserve Bank of India on a quarterly basis in the format shared by RBI.

‍

6. ACCOUNTING AND DISCLOSURE

6.1 Company can sell assets to SPE only on cash basis and the sale consideration should be received not later than the transfer of the asset to the SPE. Further, there should not be a gap of more than 30 days between transfer of the assets and the issuance of securitisation notes. In case of other lenders, any loss, profit or premium realised at the time of the sale should be accounted accordingly and reflected in the Profit & Loss account for the accounting period during which the sale is completed.

6.2 Accounting treatment in the case of unrealised gains arising out of sale of underlying assets need to be done as per the Clause 36 of the Directions.

6.3 Appropriate disclosures to be made in financial statements as per Clauses 116 and 117 of the Directions.

6.4 Disclosure in respect of the weighted average holding period of the assets securitised and the level of their MRR in the securitisation as per Clauses 112 and 113 of the Directions made to investor in investor report should be as per format prescribed in Clause 115 of the Directions.

‍

7. INDEPENDENCE

The functioning and reporting responsibilities of the units and personnel involved in acquisition of loan exposures shall be independent from that of personnel involved in loan origination.

‍

8. IT SYSTEMS

Requisite IT systems for capture, storage and management of data pertaining to the acquired loan exposures and towards meeting the compliance requirements under the Directions shall be established.

‍

9. BOARD OVERSIGHT

The policy shall be reviewed by the Board of Directors on an annual basis and the implementation of this policy shall be monitored and reviewed periodically by the Board of Directors.

‍

10. REGULATORY REFERENCE

Master Direction – Reserve Bank of India (Securitisation of Standard Assets) Directions, 2021

‍

11. RECORD OF UPDATES:

This Policy was:

11.1 drafted on behalf of the Company by: Ankit Hurkat

11.2 internally reviewed by: Manish Thakkar

11.3 approved by the Board of the Company on: March 11, 2022, Revision 1 on: March 13, 2023, Revision 2 on: November 12, 2024.

This policy comes into effect immediately on the above date of approval.

1. Introduction

Avanti Finance Company Private Limited (“Company”) considers ongoing risk management to be a core component of the Management of the Company, and understands that the Company’s ability to identify and address risk is central to achieving its corporate objectives. 

Risk can represent both a threat and an opportunity for the Company and is a fundamental factor in the success or failure of our business. Company promotes a risk-aware corporate culture to support key decisions made in the business. Our employees can identify risk through integrated risk analysis and then manage these risks to enhance commercial opportunities or reduce threats to maintain and build competitive advantage. 

2. Purpose & Objective of the Risk Committee: 

• a). To advise and assist the Board in its oversight of the design and effectiveness of the Enterprise Risk Management Framework.
  
• b)  To advise and assist the Board of Directors in fulfilling its oversight responsibilities with regards to the risk appetite of the Company, its risk management and compliance framework and the governance structure that supports it.
  
• c)  Overseeing risk appetite and risk tolerance appropriate to each business area
  
• d)  Ensuring that there are adequate enterprise-wide processes and systems for identifying
  and reporting risks and deficiencies, including emerging risks
  
• e)  To ensure alignment of the risk framework with the Company’s growth strategy,
  supporting a culture of risk taking within sound risk governance
  
• f)  To monitor all material aspects of the risk profile and to notify the board of any material
  changes or exceptions to established risk policies 

3. Authority 

• 3.1.  The Risk Committee (the “Committee”) is a committee of the Board of the Company from which it derives its authority and to which it regularly reports. 
• 3.2.  The Committee has delegated authority from the Board in respect of the functions and powers set out in these Terms of Reference. 
• 3.3.  The Committee has authority to investigate any matter within its Terms of Reference and to obtain such information as it may require from any director, officer of the company, employee or Partner. 
• 3.4.  When required, the Committee may delegate matters to a panel comprising a minimum of two members of the Committee plus such additional individuals with relevant expertise as deemed appropriate, and subject to terms of reference (including protocols for escalation to the Committee) as determined by the Committee.
  
• 3.5.  In addition, the Committee may have delegated authority from the Board for oversight of specified strategic, cultural or transformational projects led by the Executive.
  

4. Constitution 

• 4.1.  The Committee will be composed of Elected or Nominated Board Members, CEO of Company, heads of various risk verticals as well as other personnel as required and ratified by the Board. 
• 4.2.  The Committee members present shall elect one of themselves to chair the meeting.
  
• 4.3.  Members of the Committee shall be appointed by the Board.
  
• 4.4.  Working groups of the Committee may be established by the Committee for specific
  tasks and activities, including for analysis, consultations and escalations as appropriate; such groups may be comprised of representatives of the Committee and other individuals with relevant expertise.
  
• 4.5.  Members may be removed from the Committee at any time before the end of their term by the Board.
  
• 4.6.  Unless otherwise determined, the duration of appointments of members of the Committee and of co-opted members shall be for a period of up to 2 years which may be extended for an additional period of 1 year.
  

5. Proceedings of Meetings 

5.1.  Frequency of Meetings
5.1.1.  Meetings of the Committee may be called by the Chair of the Committee at any time to consider any matters falling within these Terms of Reference, but at a minimum on a quarterly basis. 

5.2 Quorum for Risk Committee 

• 5.2.1  A quorum will require the presence of at least 50% or 3 of the committee members, whichever is higher
  
• 5.2.2  A duly convened meeting of the Committee at which a quorum is present shall be competent to exercise all or any of the authorities, powers and discretions 

6. Attendees

6.1  Risk committee attendees 

• 6.1.1  Only the members of the Committee and other Elected and Nominated members of the Board and Independent Non-Executives directors have the right to attend Committee meetings and the right to cast a vote, if called upon.
  
• 6.1.2  The following will be expected to attend Committee meetings on a regular basis (as and when appointed): 
• a)  Chief Executive Officer;
  
• b)  Chief Risk Officer;
  
• c)  Chief Operating Officer;
  
• d)  Chief of Partnerships; 
• e)  Chief Financial Officer;
  
• f)  General Counsel;
  
• g)  Head of Regulatory Affairs;
  
• h)  Head of Internal Audit;
  
• i)  Head of Corporate Affairs; and
  
• j)  Company Secretary 

6.2 ALCO committee attendees 

• 6.2.1  The members of the Committee, management team members (on a special invite basis) have the right to attend Committee meetings and the right to cast a vote, if called upon.
• 6.2.2  The following will be expected to attend Committee meetings on a regular basis (as and when appointed): 
• a)  Chief Executive Officer;
  
• b)  Chief Risk Officer;
  
• c)  Chief Operating Officer;
  
• d)  Chief of Partnerships
  
• e)  Chief Financial Officer / Head of Finance; 

7. Powers of Risk Committee: The Risk committee shall have the powers – 

• a)  Investigate any matter within its terms of reference and seek information from any director, office of the company, employee or Partner. 
• b)  To obtain advice from auditors or lawyers or experts, retain services of external consultants for redressing issues relating to and arising from risk management framework.
  
• c)  To call for any information, documents, records from any officers of the Company for ascertaining the adherence to the Risk policies, procedures and standards laid for effective monitoring, evaluating and reporting of risks.
  
• d)  To institute and periodically review the terms of reference of the Asset Liability committee (ALCO) 

8. Roles and responsibilities of the Committee 

• a) Review and recommendation to the Board of Directors (Board) for approval: 
• i.  Enterprise Risk Management (ERM) framework for the Company and its subsidiaries
  
• ii.  Risk appetite for the Company
  
• iii.  Stress testing framework
  
• iv.  Internal Capital Adequacy Assessment Process (ICAAP)
  
• v.  Framework for capital allocation.
  
• b)  Review the policies pertaining to credit, market, liquidity, operational, outsourcing, reputation risks and business continuity plan, disaster recovery plan and limits for each risk category would be a part of the respective Policy for amendments as necessary based on changes in regulatory guidelines, risk environment and business considerations and recommendation to Board for approval
• c)  Review key risk indicators, level and direction of major risk categories as detailed below on a quarterly basis:
• i. Credit risk: corporate, retail, small enterprises, rural, micro-banking and agri portfolio 
• ii.  Market risk: interest rate risk, credit spread risk, foreign exchange risk and equity risk
  
• iii.  Liquidity risk: domestic and international operations
  
• iv.  Operational risk: process risk, people risk, technology risk, event risk, outsourcing risk
  and reputation risk
  
• v.  Compliance risk: domestic
  
• vi.  Capital at risk 
• d)  Review of outsourcing activities
  
• e)  Review report on activities of Asset Liability Management Committee
  
• h)  Review of Cyber Security Risk on periodic basis.
  
• i)  Setting limits on any industry, sector or country
  
• j)  Authorised to delegate above mentioned functions to sub-committees (comprising members of Risk Committee and/or whole-time directors).
  
• k)  To keep the board of directors informed about the nature and content of its discussions, recommendations and actions to be taken.
  
• l)  The Risk Committee shall coordinate its activities with other committees, in instances where there is any overlap with activities of such committees, as per the framework laid down by the board of directors.
  
• m)  Advise the Board in relation to its determination of overall risk appetite, tolerance levels and strategy, taking account of the Company’s values and public interest purpose, as well as the current and prospective regulatory, macroeconomic, technological, environmental and social developments and trends that may be relevant for the Company’s risk policies
  
• n)  Using internal and external sources of assurance monitor the robustness of the Company’s risk management policies and processes, including the Company’s Enterprise-Wide Risk Management Framework and their fitness for purpose when tested against the Board’s strategy and risk appetite;
  
• o)  Consider and review the prevailing risk culture in the organisation (values, beliefs, knowledge, attitudes and understanding about risk) and maintain oversight of relevant work streams and projects to bring about the desired risk culture which may include specific training when required
  
• p)  Review the integration of risk management and control objectives (and consequences) in the compensation structure
  
• q)  Annually review and approve the Executive Committee’s objectives and goals in relation to risk management
  
• r)  Provide advice and assurance to the Board by adopting a holistic and enterprise-wide view of the Company and the key risks that it is exposed to, assessing the adequacy and effectiveness of the Company’s adoption of the Enterprise-Wide Risk Management Framework;
  
• s)  Consider and review the prevailing risk culture in the organisation (values, beliefs, knowledge, attitudes and understanding about risk) and maintain oversight of relevant work streams and projects to bring about the desired risk culture;
  
• t)  Ensure the internal audit work plan is aligned to the identified risks
  
• u)  Review regularly and approve the parameters used in risk assessment measures and
  the methodology adopted
  
• v)  Review the Company’s adherence to all applicable regulations as updated from time to time by various regulatory authorities
  
• w)  Before a decision to proceed is taken by the Board, advise the Board on proposed strategic transactions including acquisitions or disposals ensuring that a due diligence appraisal of the proposition is undertaken, focusing in particular on risk aspects and implications for the risk appetite and tolerance of the Company, and taking independent external advice where appropriate and available
  
• x)  Review reports on any material breaches of risk limits and the adequacy of proposed action
  
• y)  Review and approve the statements to be included in the annual report concerning risk management
  
• z)  Review and monitor management’s responsiveness to the findings and recommendations of the CRO 

9. Review of Terms of Reference: 

The Committee shall annually review its Terms of Reference and may recommend to the Board any amendments to its Terms of Reference. 

10. Amendment: 

Any change in the Policy shall be approved by the Board of Directors or any of its Committees (as may be authorized by the Board of Directors in this regard). The Board of Directors or any of its authorised Committees shall have the right to withdraw and / or amend any part of this Policy or the entire Policy, at any time, as it deems fit, or from time to time, and decision of the Board or its Committee in this respect shall be final and binding. 

11. Record of updates: 

This TOR was: 

• (i)  drafted on behalf of the Company by: Nagaraj Subrahmanya, CRO
  
• (ii)  internally reviewed by: Rahul Gupta, CEO
  
• (iii)  approved by the Board of the Company on: September 30, 2022, Revision 1 on March 13, 2023 

This TOR comes into effect immediately on the above date of approval. 

1. Purpose / Mission / Objective

The Information Technology (IT) Strategy Committee (hereinafter referred to as “the Committee”) is an executive committee of Avanti Finance Private Limited (hereinafter referred to as “the Company”) formed to achieve the following key objectives:

1. Facilitating and building an effective IT security framework
2. Assist in aligning IT strategy to business strategy/plan
3. Approve and periodically review the IT Policy of the Company
4. Identify the risks affecting IT and managing it by documenting controls and monitoring
5. Ensure timely and effective resolution of IT issues

‍

2. Membership & Meetings

An independent director shall be the chairperson of the Committee. Other members shall include the Chief Executive Officer, Chief Operations Officer, Chief Product Officer, Chief Risk Officer, Chief of Partnerships and three Board members (including the CEO). The Committee may invite any executives as it may consider necessary.

The Information Technology (IT) Strategy Committee should meet at appropriate frequency as and when needed (at least four times in a year). The quorum for the Committee shall be at least three attendees. The Company Secretary will minute the meetings and share the minutes with the Board.

‍

3. Authority

The Committee shall operate under delegated authority from the Board of the Company.

The Committee shall have access to any internal information it may require in order to fulfil its responsibilities. The Committee, at its discretion, may seek advice from external consultants or experts on the various ongoing IT projects of the Company and understand their opinions in order to perform its duties effectively. The Committee may also seek information from any employee for the functioning of the Committee. The Committee may also secure attendance of outsiders with relevant expertise, if it considers necessary.

‍

4. Roles & Responsibilities

The key responsibilities of the Committee shall be as under:

1. Review the IT related strategy and policy and ensure that the same is approved by the Board
2. Assist the management in implementing the IT strategy that has been approved by the Board
3. Implementation of an IT governance framework covering basic principles of value delivery, IT Risk Management, IT resource management and performance management
4. Oversee the creation of a suitable governance structure for IT which will include IT Operations and supplier and resource management, each of which may be headed by suitably experienced and trained senior officials
5. Review the investments made into IT infrastructure to sustain the Company’s growth
6. Ensure the IT risks and controls are documented and covered and risk mitigation and monitoring initiatives are taken
7. Work in partnership with other Board committees and Senior Management to provide input, review and amend the aligned corporate and IT strategies.
8. Ensure arrangements are present for monitoring the information security condition of the Company, which are documented, agreed with top management and performed regularly
9. Ensure that an Information System Audit of the internal systems and processes is conducted once in a year to assess operational risks faced by the company.
10. Approving IT strategy and policy documents and ensuring that the management has put an effective strategic planning process in place;
11. Ascertaining that management has implemented processes and practices that ensure that the IT delivers value to the business;
12. Ensuring IT investments represent a balance of risks and benefits and that budgets are acceptable;
13. Monitoring the method that management uses to determine the IT resources needed to achieve strategic goals and provide high-level direction for sourcing and use of IT resources;
14. Ensuring proper balance of IT investments for sustaining NBFC’s growth and becoming aware about exposure towards IT risks and controls.

The Role of IT Strategy committee in respect of outsourced operations shall include

1. Instituting an appropriate governance mechanism for outsourced processes, comprising of risk based policies and procedures, to effectively identify, measure, monitor and control risks associated with outsourcing in an end to end manner;
2. Defining approval authorities for outsourcing depending on nature of risks and materiality of outsourcing;
3. Developing sound and responsive outsourcing risk management policies and procedures commensurate with the nature, scope, and complexity of outsourcing arrangements;
4. Undertaking a periodic review of outsourcing strategies and all existing material outsourcing arrangements;
5. Evaluating the risks and materiality of all prospective outsourcing based on the framework developed by the Board;
6. Periodically reviewing the effectiveness of policies and procedures;
7. Communicating significant risks in outsourcing to the NBFC’s Board on a periodic basis;
8. Ensuring an independent review and audit in accordance with approved policies and procedures;
9. Ensuring that contingency plans have been developed and tested adequately;
10. Ensuring that business continuity preparedness is not adversely compromised on account of outsourcing. The company will adopt sound business continuity management practices as issued by RBI and seek proactive assurance that the outsourced service provider maintains readiness and preparedness for business continuity on an ongoing basis.

‍

5. Reporting Requirements

The following matters are reported to the Committee:

a) Security incidents and corrective action plans

b) Trends of security incidents and the long-term strategy to mitigate the risks

c) Report on implementation of IT policy

d) Report on the effectiveness and adequacy of IT governance structure of the Company

e) Appropriateness of allocation of IT projects of the Company to vendors

The Committee shall submit an annual note to the Risk Management Committee (RMC) about its activities on a periodic basis. The following matters shall be reported to the RMC:

a) Recommend changes for approval in the IT policy

b) Security incidents and concerns for resolution

c) Report on the information security status of the Company

d) Report on the IT risks associated with new products or processes

‍

6. Review of the Charter

The Committee shall review this Charter as and when required and recommend amendments, if any, to the Board of Directors. The Committee shall also review the attendance and frequency of the meetings on an annual basis.

Introduction

Avanti Finance Private Limited (hereinafter referred to as ‘the Company’) has framed the Risk Management Policy to set out the guidelines, principles and approach to manage risks for the Company and establish a risk culture and risk governance framework to enable identification, measurement, mitigation and reporting of risks within the Company.

1. Objectives of the Policy

The key objective of the Risk Management Policy aims at the following:

(i) To understand the company's risk profile, define the risk appetite, tolerance and limits that the company is willing to undertake to achieve its strategic and business objectives.

(ii) To understand the requirement of Capital adequacy, Fraud reporting, Asset liability management, Liquidity Risk Management etc.

(iii) To enable the company to monitor risk - reward at corporate and business unit level thereby integrating/ embedding risk management in business decisions.

(iv) To assist in anticipating risk in order to take proactive actions instead of depending on reactive risk management actions through continuous activities such as risk identification, risk assessment, mitigation, monitoring and reporting.

(v) To embed risk management in all the processes and decision making such that the Senior Management is in a position to make informed business decisions based on risk assessment.

2. Guiding Principles for the Risk Management Framework

The guiding principles of the risk management framework as defined in COSO framework are as follows:

(i) Risk Management principles are incorporated into strategy and objective setting processes as well as the day-to-day activities and decision-making.

(ii) Risks are understood and prioritized based on the event frequency and impact to one or more objectives.

(iii) The same metrics used to measure objectives e.g., revenue, regulatory compliance etc. are leveraged during risk management activities.

(iv) Risk response strategies are evaluated for those risks deemed to be high or medium priority.

(v) Key risk management information (e.g., key events, results of risk assessments, risk responses) is documented in a timely and structured manner.

(vi) A portfolio view of risks is presented to the Risk Management Committee on a regular basis.

3. Event and Risk

Event:

In order to understand risk, one needs to define an 'Event'. An event is an incident or occurrence from internal or external sources that affects achievement of objectives. Events can have negative impact, positive impact, or both.

A series of events from internal or external sources has the potential to affect strategy implementation and achievement of objectives. Events potentially have a negative impact, a positive impact or a combination of both. Events with a potentially negative impact represent risks. Accordingly, risk is the possibility that an event will occur and adversely affect the achievement of objectives. Events with a potentially positive impact may offset negative impacts or they may represent opportunities

Risk:

Risk is the possibility that an event will occur and adversely affect the achievement of objectives. Further Opportunity is the possibility that an event will occur and positively affect the achievement of objectives. Risks can be thought of in three distinct senses as threats, uncertainty or lost opportunity.

(i) Loss opportunity: The risk that an opportunity is not identified or possibility of something positive not happening — typical examples include not capitalizing on technological advancements and new markets/ geographies

(ii) Uncertainty: The possibility that actual results will not measure up to expectations —typical examples include unfavourable outcomes vis-a-vis budget etc.

(iii) Threats or hazards: The threat of loss or negative things happening—typical examples include system failure, fraud, etc.

4. Risk Management Framework

Effective risk management processes defined as Objective setting, Risk identification, Risk response, Risk assessment, mitigation, monitoring and reporting of risk issues across the organisation. Essential to this process is a well-defined and articulated corporate strategy and business objectives.

The framework will help in creating an environment in which risk management is consistently practiced across the Company and where Management can take informed decisions to reduce the possibility of surprises.

The objective of the Risk Management Framework is to formalise and communicate Company's approach towards management of risk. It will have the following attributes:

(i) Responds to the Management's need for enhanced risk information and improved governance.

(ii) Provides the ability to prioritize, manage and monitor the increasingly complex risks in the business.

(iii) Provides an explicit, comprehensive process to satisfy the regulators, and other stakeholders, that significant risks are being effectively managed.

(iv) Set up the Risk Committee to advise and assist the Board in its oversight of the design and effectiveness of the Enterprise Risk Management Framework.

4.1 Objective Setting

Like every Company, Avanti Finance Private Limited also faces risk from external and internal sources and Objective setting is pre-condition to event identification, risk assessment and risk response. Objectives can be broadly classified in the four categories:

(i) Strategic Objective — Strategic Objective are the high-level goals, aligned with and supporting Company's Mission and Vision statement.

(ii) Operational Objective — Effectiveness and efficiency of entity's operations, including performance and profitability goals and safeguarding resources against loss.

(iii) Compliance Objective — Adherence to relevant laws and regulations.

(iv) Reporting Objective — Reliability of internal and external reporting including financial and non-financial information

4.2 Risk Management Committee

The Risk Management Committee is a committee of Board of the Company. The key responsibilities of the Risk Management Committee relating to risk management include:

(i) To advise and assist the Board in its oversight of the design and effectiveness of the Enterprise Risk Management Framework

(ii) To advise and assist the Board of Directors in fulfilling its oversight responsibilities with regards to the risk appetite of the Company, its risk management and compliance framework and the governance structure that supports it

(iii) Overseeing risk appetite and risk tolerance appropriate to each business area

(iv) Ensuring that there are adequate enterprise-wide processes and systems for identifying and reporting risks and deficiencies, including emerging risks

(v) To ensure alignment of the risk framework with the Company’s growth strategy, supporting a culture of risk taking within sound risk governance

(vi) To monitor all material aspects of the risk profile and to notify the board of any material changes or exceptions to established risk policies

(vii) To ensure the Company’s adherence to all applicable regulations as updated from time to time by various regulatory authorities

4.3 Risk Assessment

Risk prioritization is the process of rating the risks in order to identify those risks which may have the most significant impact on the achievement of the stated goals and objectives of the business

After the key risks have been identified, they will be assessed in terms of their 'Consequence' and 'Likelihood'. Also, in order for risks to be assessed objectively, there must be a common approach or methodology for measuring risks. It is critical for the process owners and management to define and agree on the quantitative and qualitative descriptors (for consequence and likelihood scale) in identifying and assessing risks.

Risks that are characterized with high inherent risks (gross risk in absence of any controls) or high residual risks (risk assessed to be higher than the 'targeted' level after considering existing controls) should be prioritized for treatment.

4.4 Risk Response

Risk response relates to the policies, procedures, processes and controls implemented to address the risks associated with specified future events. The sophistication of the response selected is a factor of the cost versus benefit, including the effect on event likelihood and impact

Various response strategies are available for responding to a given event and associated risks. These strategies are broadly divided into the following four categories:

(i) Avoidance – The Company considers adopting this strategy in circumstances where:

(a) the cost of implementing a response is prohibitive and out-weighs the benefits,

(b) Risk undertaken is well outside the risk appetite or

(c) Activity giving rise to the risk does not fit with the overall strategy.

(ii) Reduction - This strategy can be undertaken by the Company with the intent that if a proposed action is taken, it will reduce likelihood or impact, or both.

(iii) Sharing - By adopting this strategy, the Company attempts to reduce likelihood or impact or both by transferring or otherwise sharing a portion of risk. Common techniques include outsourcing an activity. This strategy is generally resorted to

(a) The cost of implementing a response strategy internally is prohibitive and greatly outweighs its benefits.

(b) The activity giving rise to the risk is not a core competency of the organization e.g.  verification of customer documents submitted during the loan appraisal process.

(c) The cost of sharing the risks is less than the benefits i.e. risk exposure is brought within the risk tolerance by transferring portion of risk.

(iv) Acceptance: No action is taken to affect risk likelihood or impact. This suggests that either the existing residual risk is already in line with risk tolerances or management has accepted the current risk level regardless of whether it exceeds the risk tolerances

4.5 Control Activity

Control activities are the policies and procedures that helps to ensure that management's risk responses are carried out as intended. They serve as mechanism for managing the achievement of objectives.

Control activities exist throughout the organization, at all levels and in all functions. They include a range of activities — as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets, and segregation of duties.

Control activities are identified with reference to objectives, events & associated risks and response strategies selected. Following may be considered while identifying control activities:

(i) Formal documented policies, procedures, processes and controls to mitigate the likelihood and impact of occurrence of risk for the given event

(ii) Policies, procedures, processes and controls exist but not formally documented

(iii) Existence and effectiveness of the policies, procedures, processes and controls as formally documented.

(iv) Reference to industry global good practices for risks and events identified

(v) Use of experts (e.g., external consultants and Internal Audit) in designing control activities

(vi) Brainstorming and discussions

On identification of control activities against events and associated risks, the existence of same is ascertained to identify additional control activities, if any, required for mitigation of risk.

4.6 Information and communications

Information systems use internally generated data and information from external sources, providing information for managing risks and making informed decisions relative to objectives.

Effective communication should also occur, flowing down, across, and up the organization. All personnel receive a clear message from top management that enterprise risk management (ERM) responsibilities must be taken seriously. They understand their own role in enterprise risk management, as well as how individual activities relate to the work of others. They must have a mean of communicating significant information upstream.

An effective information and communication approach will increase the level of risk management awareness and understanding at all levels across the company

4.7 Monitoring and reporting

Ongoing monitoring occurs in the normal course of management activities. ERM deficiencies are reported upstream, with critical matters reported to top management and the Board.

Monitoring mechanisms will help to:

(i) Ensure consistent application of Risk Management Framework across the Company

(ii) Ensure the effectiveness of the Risk Management policies and procedures

(iii) Identify weaknesses / enhancements and develop corrective action plans

Independent risk management evaluations are periodic reviews of design effectiveness of Risk management framework conducted by Internal Audit. Such reviews focus mainly on following aspects:

(i) Alignment of Risk Management philosophy and principles with respect to Company's vision. Adequacy of measures for developing risk awareness culture within the Company.

(ii) Appropriateness of procedures adopted to implement various Risk Management components.

(iii) Applicability of risk management framework's organizational structure and roles and responsibilities with respect to changes in organization.

Ongoing monitoring of risk management components will be conducted by the Chief Risk & Compliance officer. Such monitoring / validation encompass:

(i) Ensuring alignment of objectives with risk appetite and risk tolerance at all times. Changes, addition or deletion in the corporate/ business division objectives, risk appetite or Risk Management framework, organizational structure should be reviewed to ensure alignment of objectives, risk appetite and risk tolerance.

(ii) Ensuring that new events risks have been documented and the inventory of events is kept current and up-to-date. It is critical to have processes in place to periodically monitor and review the completeness and accuracy of the event inventory.

(iii) Review of risk assessment results to update changes in impact and likelihood of occurrence of any risk. Such changes may arise due to internal or external factors. Ensuring that appropriate communication happens at all levels and at all times.

(iv) Reviewing reports of key business activity indicators, business performance, exceptions, etc.

(v) Understanding of effectiveness for self-performed controls

(vi) Walkthrough testing of controls on a sample basis.

Chief Risk & Compliance officer shall submit a report on updated risk profile and operating effectiveness of the existing controls to senior management.

Based on the report so submitted, senior management will present the assessment of implementation status of the Risk Management framework to the Risk Management Committee.

Key findings/outcome of the Risk Management Committee will be discussed with the Board for taking corrective actions.

5. Limitation of Risk Management

Effective Risk Management Framework provides only reasonable assurance and not absolute assurance to the senior management and the Board of Directors regarding achievement of an entity's objectives. Achievement of objectives is affected by limitations inherent in all management processes, which include:

(i) Human judgment in decision making, which can be faulty and that breakdowns can occur because of such human failures.

(ii) Controls can be circumvented by the collusion of two or more individuals.

(iii) Management's ability to override the risk management decisions.

(iv) Decisions on responding to risk and establishing controls depend on their related costs and benefits.

6. Capital Adequacy Requirement

The Company shall maintain a minimum capital ratio consisting of Tier I and Tier II capital which shall not be less than 15% of its risk weighted assets on-balance sheet and the risk adjusted value of off-balance sheet items or as is regulatorily applicable.

Consequently, Tier I capital cannot be less than 10% unless regulatorily applicable.

Composition of Tier I

“Tier-I Capital" means owned fund as reduced by investment in shares of other NBFCs and in shares, debenture, bonds, outstanding loans and advances including hire purchase and lease finance made to and deposits with subsidiaries and companies in the same group exceeding, in aggregate, 10% of the owned fund.

Composition of Tier II

“Tier II capital” includes the following: -

(a) preference shares other than those which are compulsorily convertible into equity;

(b) revaluation reserves at discounted rate of fifty five percent;

(c) general provisions and loss reserves to the extent these are not attributable to actual diminution in value or identifiable potential loss in any specific asset and are available to meet unexpected losses, to the extent of one and one fourth percent of risk weighted assets;

(d) hybrid debt capital instruments;

(e) subordinated debt; (to the extent, value does not exceed fifty per cent of Tier-I capital); and

(f) Perpetual debt instruments issued by a systemically important non-deposit taking non- banking financial company which is in excess of what qualifies for Tier I Capital, to the extent the aggregate does not exceed Tier I capital.

Explanations:

On balance sheet assets

Degrees of credit risk expressed as percentage weightages shall been assigned to balance sheet assets. Hence, the value of each asset/item requires to be multiplied by the relevant risk weights to arrive at risk adjusted value of assets. The aggregate shall be taken into account for reckoning the minimum capital ratio.

The risk weighted asset shall be calculated as the weighted aggregate of funded items as detailed hereunder: - 

*Approved securities will be based on list as per exchanges

Notes:

(a) Netting may be done only in respect of assets where provisions for depreciation or for bad and doubtful debts have been made. (The provision for bad and doubtful debts will be done by way of creation of a ‘Memorandum Account’ to the extent of same asset value by debiting the P&L account).

(b) Assets which have been deducted from owned fund to arrive at net owned fund shall have a weightage of ‘zero’.

(c) NBFCs were advised vide DNBR (PD) C.C. No. 008/ 03.10.119/ 2016-17 dated September 1, 2016 that in terms of Accounting Standard 22, the tax effects of timing differences are included in the tax expense in the statement of profit and loss as deferred tax assets (DTA) (subject to the consideration of prudence) or as deferred tax liabilities (DTL) in the balance sheet. Further that the balance in DTL account will not be eligible for inclusion in Tier I or Tier II capital for capital adequacy purpose and that DTA being an intangible asset, will be deducted from Tier I Capital. In this connection it is further clarified that

(i) DTL created by debit to opening balance of Revenue Reserves or to Profit and Loss Account for the current year will be included under ‘others’ of “Other Liabilities  and Provisions.”

(ii) DTA created by credit to opening balance of Revenue Reserves or to Profit and Loss account for the current year will be included under item ‘others’ of “Other Assets.”

(iii) Intangible assets and losses in the current period and those brought forward from previous periods will be deducted from Tier I capital.

(iv) DTA computed as under will be deducted from Tier I capital:

(a) DTA associated with accumulated losses; and

(b) The DTA (excluding DTA associated with accumulated losses) net of DTL. Where the DTL is in excess of the DTA (excluding DTA associated with accumulated losses), the excess shall neither be adjusted against item (a) nor added to Tier I capital.”

Off-balance sheet items

(a) General

The Company shall calculate the total risk weighted off-balance sheet credit exposure as the sum of the risk-weighted amount of the market related and non-market related off-balance sheet items. The risk-weighted amount of an off-balance sheet item that gives rise to credit exposure shall be calculated by means of a two-step process:

(i) The notional amount of the transaction shall be converted into a credit equivalent amount, by multiplying the amount by the specified credit conversion factor or by applying the current exposure method; and

(ii) the resulting credit equivalent amount shall be multiplied by the risk weight applicable viz. zero percent for exposure to Central Government/State Governments, 20 percent for exposure to banks and 100 percent for others.

(b) Non-market-related off- balance sheet items

The credit equivalent amount in relation to a non-market related off-balance sheet item shall be determined by multiplying the contracted amount of that particular transaction by the relevant credit conversion factor (CCF).

Note: - Cash margins/deposits shall be deducted before applying the conversion factor.

‍

7. Reporting of Fraud

The Fraud Risk Management policy lays out in detail the Company’s approach to fraud management including a) assignment of roles and responsibilities with respect to combating fraud, b) defining measures and controls for prevention, early detection, investigation, monitoring, c) recovery and d) timely reporting of incidents of fraud to RBI and Law Enforcement Agencies (LEA)

‍

8. Asset Liability Management (ALM)

The Asset Liability Management shall be in accordance with relevant and applicable RBI directions including the Master Direction-Reserve Bank of India (Non Banking Financial Company-Scale Based Regulation) Direction, 2023

The Asset Liability Management Committee (ALCO) will assist the Risk Committee in evaluating risks emanating from Asset-liability mismatch, Interest rate risk, various aspects of liquidity risk management such as specifying the appropriate liquidity risk tolerance, internal product pricing, the funding strategy, stress testing and developing contingency plans etc., and other specific matters as may be indicated by the Board of the Company from time to time.

‍

9. Liquidity Risk Management

The intent of the liquidity risk management framework is to ensure that the Company maintains sufficient liquidity, including a cushion of unencumbered, high quality liquid assets to withstand a range of stress events, including those involving the loss or impairment of both unsecured and secured funding sources.

In addition to the ALCO., the Company will also ensure appropriate internal controls and procedures to ensure adherence to the Liquidity Risk Management framework and a reliable MIS system for providing timely and accurate reporting of the liquidity position of the Company.

The Company will also have procedures to monitor other aspects of liquidity risk management as below:

(A) Maturity Profiling

A maturity ladder and calculation of cumulative surplus or deficit of funds at selected maturity dates can be used for measuring and managing net funding requirements, The Maturity Profile should be used for measuring the future cash flows of the Company in different time buckets. The time buckets shall be distributed as under:

(i) 1 day to 7 days

(ii) 8 days to 14 days

(iii) 15 days to 30/31 days (one month)

(iv) Over one month and upto 2 months

(v) Over two months and upto 3 months

(vi) Over 3 months and upto 6 months

(vii) Over 6 months and upto 1 year

(viii) Over 1 year and upto 3 years

(ix) Over 3 years and upto 5 years

(x) Over 5 years

Within each time bucket, there could be mismatches depending on cash inflows and outflows. While the mismatches up to one year would be relevant since these provide early warning signals of impending liquidity problems, the main focus shall be on the short-term mismatches, viz., 1-30/ 31 days. The net cumulative negative mismatches in the Statement of Structural Liquidity in the maturity buckets 1-7 days, 8-14 days, and 15-30 days shall not exceed 10 percent, 10 percent and 20 percent of the cumulative cash outflows in the respective time buckets. NBFCs, however, are expected to monitor their cumulative mismatches (running total) across all other time buckets upto 1 year by establishing internal prudential limits with the approval of the Board. NBFCs shall also adopt the above cumulative mismatch limits for their structural liquidity statement for consolidated operations.

In order to enable the NBFCs to monitor their short-term liquidity on a dynamic basis over a time horizon spanning from 1 day to 6 months, NBFCs shall estimate their short-term liquidity profiles on the basis of business projections and other commitments for planning purposes.

(B) Liquidity Risk Measurement – Stock Approach

The Company should monitor certain critical ratios and specify some internal limits for these ratios based on the Company’s liquidity risk management capabilities, experience and profile. An indicative list of critical ratios are as below:

(i) Short-term liability to total assets

(ii) Short-term liability to long term assets

(iii) Commercial papers to total assets

(iv) Short-term liabilities to total liabilities

(v) Long-term assets to total assets

(C) Currency Risk

The Board of the Company should recognise the liquidity risk arising out of exchange rate volatility affecting exposures to foreign assets or liabilities and develop suitable preparedness for managing the risk.

(D) Interest Rate Risk (IRR)

Company should measure the Gap or Mismatch risk by calculating Gaps over different time intervals as at a given date. Gap analysis measures mismatches between rate sensitive liabilities and rate sensitive assets (including off-balance sheet positions). An asset or liability is normally classified as rate sensitive if:

(i) within the time interval under consideration, there is a cash flow;

(ii) the interest rate resets/re-prices contractually during the interval;

(iii) dependent on RBI changes in the interest rates/Bank Rate;

(iv) it is contractually pre-payable or withdrawal before the stated maturities.

The Gap Report shall be generated by grouping rate sensitive liabilities, assets and off- balance sheet positions into time buckets according to residual maturity or next repricing period, whichever is earlier.

 The gaps shall be identified in the following buckets:

(i) 1 day to 7 days

(ii) days to 14 days

(iii) 15 days to 30/31 days (one month)

(iv) Over one month to 2 months

(v) Over two months to 3 months

(vi) Over 3 months to 6 months

(vii) Over 6 months to 1 year

(viii) Over 1 year to 3 years

(ix) Over 3 years to 5 years

(x) Over 5 years

(xi) Non-sensitive

(E) Public disclosure on liquidity risk

(i) Funding Concentration based on significant counterparty (both deposits and borrowings)

(ii) Top 20 large deposits (amount in ₹ crore and % of total deposits)

(iii) Top 10 borrowings (amount in ₹ crore and % of total borrowings)

(iv) Funding Concentration based on significant instrument/product

(v) Stock Ratios:

1. Commercial papers as a % of total public funds, total liabilities and total assets
2. Non-convertible debentures (original maturity of less than one year) as a % of total public funds, total liabilities and total assets
3. Other short-term liabilities, if any as a % of total public funds, total liabilities and total assets
4. Institutional set-up for liquidity risk management

‍

10. IT Governance, Risk & Controls

Effective risk identification and management underpins and forms the foundation of the information security management system. The Risk Assessment process suggested follows the guidelines offered in ISO 31000:2018 and ISO 27001:2022.

Risk Assessment shall be carried out by an objective assessment of the Assets, Vulnerabilities to the Assets, Threats that could exploit these Vulnerabilities and the probability with which the threat could be manifest. The risks derived through this process should be quantified using a relative scale grading based on the likelihood of occurrence and its potential impact, guiding the development of a risk treatment plan that includes avoidance, reduction, acceptance, or transfer of risks. Security Controls should be applied to reduce these risks and these controls and their implementation monitored for measuring the effectiveness.

Risk Assessment should be conducted at least once a year or as and when required by the Company to continually improve the IS posture. These may be termed as planned reviews and will be carried out at predetermined frequencies. Reviews may also be event driven for e.g. a virus attack on the network or change in policies etc.

Information security management system related risks are recorded in the risk register and reviewed atleast annually by the Information Technology Steering Committee and the Information Technology Strategy Committee.

‍

11. Sensitive Sector Exposure

As per the Master Direction-Reserve Bank of India (Non-Banking Financial Company-Scale Based Regulation) Direction, 2023, NBFCs shall consider exposure to the capital market (both direct and indirect) and commercial real estate as sensitive exposures (SSE). As part of the business operations, the Company will not have any exposure to the capital market or the commercial real estate sector.

‍

12. Adherence to Applicable Regulations

The Company should incorporate appropriate processes to ensure that it is abreast of applicable changes in regulation as updated by various regulatory authorities from time to time and necessary changes are made to the operational processes to ensure compliance to the latest regulations.

The Risk Committee will monitor the Company’s adherence to the latest regulations as part of the periodic review of the Company’s risk management practices.

‍

13. Regulatory Reference

This policy is framed as per the following regulatory references (where applicable) and in accordance with leading industry practice:

1. Section 134 of Companies Act, 2013 (Refer Para 2 to 5 of this policy)
2. Master Direction-Reserve Bank of India (Non-Banking Financial Company-Scale Based Regulation) Direction, 2023

‍

14. Policy Review and Updates

This document shall be approved by the Risk Management Committee and the Board and shall be reviewed at least annually.

This revised Policy comes into effect from date of approval of the Board.

Approved by the Board of Directors on April 03, 2020

Relief measures approved by the Board

Retail loans of INR 54.84 crores (23791 accounts) outstanding as on March 31'20

• 1.  All borrowers will be given the option of a moratorium for EMI falling due between the period March 01, 2020 to May 31, 2020 (upto 92 days) without a change in the EMI amount.
• 2.  All borrowers will be given an option to continue making repayments falling due between the moratorium period in case their cash flows permit & they are not in favour of extending their loan tenure & paying additional accrued interest for the moratorium period.
• 3.  Interest will continue to accrue on the outstanding portion of the term loans during the moratorium period and will be collected along with the last EMI or additional installment.
• 4.  The revised asset classification of the loans will be on the basis of revised due dates and the revised repayment schedule. The same will be shared with the Credit Information Companies (Regulatory requirement).

Institutional loans of INR 12.14 crores (10 accounts) outstanding as on March 31'20

All institutional borrowers will be provided an option to opt for moratorium. However, decision pertaining to grant of moratorium will be solely made by Avanti, on a case to case basis.

Repayment Moratorium 2 Policy of Avanti Finance Private Limited

This is with reference to the circular issued by the Reserve Bank of India on the subject of COVID 19 regulatory package pertaining to grant of moratorium to borrowers. The Board of each financial institution has to approve its own policy & your approval is therefore sought for Avanti Finance Pvt Ltd. Our policy is aimed at adhering to the spirit & letter of the RBI's guidelines & enabling the right choice for our borrowers.

The gist of the guidelines is as under:

• 1.  RBI has released a comprehensive Statement of Development and Regulatory Policies onMarch 27, 2020 covering the Covid-19 package.
• 2.  All term loans were permitted to be granted a moratorium of three months on payment of all instalments falling due between March 1, 2020 and May 31, 2020 (Moratorium 1) by the Board on April 3, 2020.
• 3.  Further, through a media statement by the Governor, the moratorium was extended by another three months from June 1, 2020 to August 31, 2020 (Moratorium 2).
• 4.  The repayment schedule for such loans can be shifted across the board by a total of six months after the moratorium period (M1 and M2).
• 5.  Interest shall continue to accrue on the outstanding portion of the term loans during the moratorium period.
• 6.  The asset classification of term loans which are granted relief as per point 2 and point 3 shall be determined on the basis of revised due dates and the revised repayment schedule.
• 7.  The rescheduling of payments, including interest, will not qualify as a default for the purposes of supervisory reporting and reporting to Credit Information Companies (CICs) by the lending institutions.
• 8.  This is applicable to all commercial banks (including regional rural banks, small finance banks and local area banks), co-operative banks, all-India Financial Institutions, and NBFCs (including housing finance companies).

On account of the disruption in incomes of our customers due to the impact of Covid-19, the Board, on April 3, 2020, had approved to provide Moratorium 1 to all our customers.

Given that the situation on ground remains similar with continued lockdowns at local levels, our customers livelihoods still remain affected. Hence, we propose to extend Moratorium 2 across the board to all standard accounts as per the RBI guidelines and repayments will start w.e.f September 01, 2020 (as per the original EMI dates of the month).

We request approval of the Board for the following measures for effective implementation of the above mentioned guidelines.

Retail loans / balances are Rs 51.78 crs (23372 accounts) outstanding as of June 1, 2020

• 1.  All borrowers will be given the option of a moratorium for EMI falling due between the period June 01, 2020 to August 31, 2020 (upto 92 days) without a change in the EMI amount
• 2.  All borrowers will be given an option to continue making repayments falling due between the moratorium period in case their cash flows permit & they are not in favour of extending their loan tenure & paying additional accrued interest for the moratorium period.
• 3.  Interest will continue to accrue on the outstanding portion of the term loans during the moratorium period and will be collected along with the last EMI or additional installment.
• 4.  The revised asset classification of the loans will be on the basis of revised due dates and the revised repayment schedule. The same will be shared with the Credit Information Companies (Regulatory requirement).

Institutional loans of INR 9.70 crores (12 accounts) outstanding as on June 1, 2020

All institutional borrowers will be provided an option to opt for moratorium. However, decision pertaining to grant of moratorium will be solely made by Avanti, on a case to case basis.

1. Objectives of the Policy

‘Outsourcing’ may be defined as a Company's use of a third party (either an affiliated entity within the corporate group or an entity that is external to the corporate group) to perform activities on a continuing basis that would normally be undertaken by the company itself, now or in the future. Continuing basis would include agreements for a limited period.

Company that outsource various activities are exposed to various risks as Strategic Risk, Reputation Risk, Compliance Risk, Operational Risk, Legal Risk etc. Further, the outsourcing activities are to be brought within regulatory purview to:

1. Protect the interest of the customers, and
2. To ensure that the Company and the Reserve Bank of India have access to all books, records and information available with service provider.

The key objective of the Outsourcing Policy aims at the following:

1. Assign clear accountability and responsibility for management of Outsourcing activities,
2. Provide guidance on the types of activities that can or cannot be outsourced by to external vendors,
3. Assist in managing various risks associated with outsourcing and the techniques the company needs to employ to mitigate the risks, and
4. Designing a methodology for selection of activities to outsource, selection and monitoring of vendors and assess the materiality of the outsourced activity.

‍

2. Governance Structure

The overall control over outsourcing of non-core activities by Company as well as approval of overall expenses for outsourcing activities will rest with the board of directors of Company (“Board”). Any functions and/or activities delegated by the Board will also be carried out within the approved budget.

The Company will follow the 2-tier governance structure based on various thresholds as follows:

A. Outsourcing and Procurement Committee

Approval Limit will be exercised when the expenditure proposal is recommended by department head and 2 other senior employees approving the Outsourcing arrangement. One of the approving members must be the Chief Executive Officer (CEO).

The Outsourcing and Procurement Committee will comprise of the representatives of following areas as its permanent members:

B. Board of Directors

The Board of Directors: Approval Limit will be exercised when the outsourcing proposal is recommended by the Outsourcing and Procurement Committee and approved by at least 2 Committee members.

C. Periodicity of Meeting

The Committee will periodically review and assess Outsourcing arrangement. The Committee may also meet the vendors at periodic intervals to understand difficulties faced by them and to get feedback on ways to improve the Outsourced process.

D. Roles and Responsibilities

The Board or Committee will be responsible for the following:

(i) approving a framework to evaluate the risks and materiality of all existing and prospective outsourcing and the policies that apply to such arrangements;

(ii) laying down appropriate approval authorities for outsourcing depending on risks and materiality;

(iii) setting up suitable administrative framework of senior management for the purpose of directions issued by the RBI;

(iv) undertaking regular review of outsourcing strategies and arrangements for their continued relevance, and safety and soundness; and

(v) deciding on business activities of a material nature to be outsourced and approving such arrangements.

The senior management of the Company will be responsible for the following:

(i) evaluating the risks and materiality of all existing and prospective outsourcing, based on the framework approved by the Board;

(ii) developing and implementing sound and prudent outsourcing policies and procedures commensurate with the nature, scope and complexity of the outsourcing activity;

(iii) reviewing periodically the effectiveness of policies and procedures;

(iv) communicating information pertaining to material outsourcing risks to the Board in a timely manner;

(v) ensuring that contingency plans, based on realistic and probable disruptive scenarios, are in place and tested;

(vi) ensuring that there is independent review and audit for compliance with set policies; and

(vii) undertaking periodic review of outsourcing arrangements to identify new material outsourcing risks as they arise.

E. Internal Audit department

Regular audits by either the internal auditors or external auditors of the Company should assess the adequacy of the risk management practices adopted in overseeing and managing the outsourcing arrangement, the Company’s compliance with its risk management framework and the requirements of the regulatory guidelines at appropriate interventions.

‍

3. Outsourcing Process

A. Identification of Core and Non-core activities

Company should not outsource core management functions including Internal Audit, Strategic and Compliance functions and decision-making functions like determining compliance with KYC norms for opening deposit accounts, according sanction for loans and management of investment portfolio. The primary servers of the service providers should be located within India.

B. Pre-outsourcing activities

The business unit / operating unit can propose to outsource an activity after considering factors like:

1. Increase in volumes;
2. Best practices in the industry;
3. Lack of skilled manpower available in-house;
4. Lack of adequate infrastructure e.g. systems, space etc;
5. Perceived cost benefits ; and
6. Any other factor as determined.

While deciding on scope of activities to be outsourced, the following considerations should be kept in purview:

1. The activity should be such which could be performed efficiently by an external agency, however the ultimate responsibility will be with the Company;
2. Such outsourcing should result in maintaining, if not enhancing the quality of customer service;
3. Outsourced persons should not have access to the ‘core software’ except for the purpose of limited enquiry and data entry, subject to authorization of the officials;  and
4. Such outsourced activities should be covered under a Outsourcing Agreement spelling out the responsibilities and liabilities of the vendor.

Evaluation of the Risks in Outsourcing Activity

The Company shall evaluate and guard against the following risks in outsourcing:

i. Strategic Risk – Where the service provider conducts business on its own behalf, inconsistent with the overall strategic goals of the Company.

ii. Reputation Risk – Where the service provided is poor and customer interaction is not consistent with the overall standards expected of the Company.

iii. Compliance Risk – Where privacy, consumer and prudential laws are not adequately complied with by the service provider.

iv. Operational Risk- Arising out of technology failure, fraud, error, inadequate financial capacity to fulfil obligations and/ or to provide remedies.

v. Legal Risk – Where the Company is subjected to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements due to omissions and commissions of the service provider.

vi. Exit Strategy Risk – Where the Company is over-reliant on one firm, the loss of relevant skills in the Company itself preventing it from bringing the activity back in-house and where the Company has entered into contracts that make speedy exits prohibitively expensive.

vii. Counter party Risk – Where there is inappropriate underwriting or credit assessments.

viii. Contractual Risk – Where the Company may not have the ability to enforce the contract.

ix. Concentration and Systemic Risk – Where the overall industry has considerable exposure to one service provider and hence the Company may lack control over the service provider.

x. Country Risk – Due to the political, social or legal climate creating added risk.

5.4 Evaluating the Capability of the Service Provider

a) In considering or renewing an outsourcing arrangement, appropriate due diligence will be performed to assess the capability of the service provider to comply with obligations in the outsourcing agreement. Due diligence shall take into consideration qualitative and quantitative, financial, operational and reputational factors.

b) The Company will consider whether the service providers' systems are compatible with their own and also whether their standards of performance including in the area of customer service are acceptable to it.

c) The Company will also consider, while evaluating the capability of the service provider, issues relating to undue concentration of outsourcing arrangements with a single service provider.

d) The Company will obtain independent reviews and market feedback on the service provider to supplement its own findings, if necessary.

e) Due diligence shall involve an evaluation of all available information about the service provider, including but not limited to the following:

i. past experience and competence to implement and support the proposed activity over the contracted period;

ii. financial soundness and ability to service commitments even under adverse conditions;

iii. business reputation and culture, compliance, complaints and outstanding or potential litigation;

iv. security and internal control, audit coverage, reporting and monitoring environment, business continuity management; and

v. ensuring due diligence by service provider of its employees.

The process for approval for outsourcing an activity has been documented below:

‍

If the outsourcing arrangement is approved in the meeting

‍

If the outsourcing arrangement is declined / approved with modifications in the meeting

‍

C. Outsourcing Agreement

The terms and conditions governing the contract between Company and the service provider will be carefully defined in written agreements and vetted by Company’s legal counsel on their legal effect and enforceability. Every such agreement addresses the risks and risk mitigation strategies. The agreement should be sufficiently flexible to allow Company to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations. The agreement should also bring out the nature of legal relationship between the parties i.e. whether agent, principal or otherwise. Some of the key provisions of the contract are as follows:

(a) the contract clearly defines what activities are going to be outsourced, including appropriate service and performance standards;

(b) Company will ensure that it has the ability to access all books, records and information relevant to the outsourced activity available with the service provider;

(c) the contract provides for continuous monitoring and assessment by Company of the service provider, so that any necessary corrective measure can be taken immediately;

(d) a termination clause and minimum periods to execute a termination provision, if deemed necessary, will be included;

(e) controls to ensure customer data confidentiality and service providers’ liability in case of breach of security and leakage of confidential customer related information will be incorporated;

(f) there must be contingency plans to ensure business continuity;

(g) the contract provides for the prior approval / consent by Company of the use of sub-contractors by the service provider for all or part of an outsourced activity;

(h) provide Company with the right to conduct audits on the service provider whether by its internal or external auditors, or by agents appointed to act on its behalf and to obtain copies of any audit or review reports and findings made on the service provider in conjunction with the services performed for Company;

(i) outsourcing agreements should include clauses to allow RBI or persons authorized by it to access Company’s documents, records of transactions and other necessary information given to, stored or processed by the service provider, within a reasonable time;

(j) outsourcing agreement will also include a clause to recognize the right of RBI to cause an inspection to be made of a service provider of Company and its books and account by one or more of its officers or employees or other persons;

(k) the outsourcing agreement will also provide that confidentiality of customer’s information should be maintained even after the contract expires or gets terminated; and

(l) Company will ensure it has necessary provisions to ensure that the service provider preserves documents and data as required by law and take suitable steps to ensure that its interests are protected in this regard even post termination of the services.

D. Post outsourcing activities:

a) Periodic Evaluation of Service Provider

The respective department will maintain a calendar for yearly review of outsourced activities by the Outsourcing and Procurement Committee. Respective department will review the vendor and place it before the Outsourcing and Procurement Committee. The Committee will perform a review of the service provider to assess the financial and operational condition, performance during the year and re-assess the capabilities of the service provider/vendor on the basis of:

1. Past breaches of performance standards, confidentiality and security and business continuity preparedness, if any,
2. Business practices and process,
3. Instances of mis-selling and fraud,
4. Instances and frequencies of customer grievances / presidential complaints related,
5. Compliance with related manuals,
6. Compliance with applicable laws and regulations,
7. Compliance with post outsourcing evaluation form,
8. A confirmation on the statutory registrations along with a declaration on statutory registrations to be obtained from the service provider,
9. Service provider organization structure, infrastructure, management strength, and management controls should be reviewed,
10. Feedback report of the reviews needs to be maintained and stored with local operations.

The Outsourcing and Procurement Committee is authorised to amend and suitably lay down evaluation criteria from time to time. The Outsourcing and Procurement Committee on a periodic basis may also authorise surprise checks and audits of the service provider by the authorised personnel from the Company.

In case the service provider does not perform satisfactorily during the period, the Company may decide to terminate the agreement in line with the clauses of the agreement executed with the service provider. The Company would maintain a list of terminated agencies and promoters.

b) Responsibilities of DSA / DMA / Recovery Agents

1. Company will ensure that Direct Sales Agent (DSA) / Direct Marketing Agent (DMA) / Recovery Agents are properly trained to handle with care and sensitivity, their responsibilities, particularly aspects like soliciting customers, hours of calling, privacy of customer information and conveying the correct terms and conditions of the products on offer etc.
2. Company shall put in place a Board-approved Code of Conduct for DSA / DMA / Recovery Agents and obtain their undertaking to abide by the code. In addition, Recovery Agents shall adhere to extant instructions on Fair Practice Code for Non-Banking Financial Companies as also their own code for collection of dues and repossession of security. It is essential that the Recovery Agents refrain from action that could damage the integrity and reputation of Company and that they observe strict customer confidentiality.
3. Company and their agents should not resort to intimidation or harassment of any kind either verbal or physical against any person in their debt collection efforts, including acts intended to humiliate publicly or intrude the privacy of the debtors’ family members, referees and friends, sending inappropriate messages either on mobile or through social media, making threatening and anonymous calls, persistently calling the borrower and/or calling the borrower before 8:00 am and after 7:00 p.m. for recovery of overdue loans or making false and misleading representations.

c) Business Continuity and Management of Disaster Recovery Plan

1. Company requires its service providers to develop and establish a robust framework for documenting, maintaining and testing business continuity and recovery procedures. Company needs to ensure that the service provider periodically tests the Business Continuity and Recovery Plan and company may also consider occasional joint testing and recovery exercises with the service provider.
2. In order to mitigate the risk of unexpected termination of the outsourcing agreement or liquidation of the service provider, Company should retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to continue its business operations in such cases without incurring prohibitive expenses and without any break in the operations of the company and its services to the customers.
3. In establishing a viable contingency plan, Company will consider the availability of alternative service providers or the possibility of bringing the outsourced activity back inhouse, in an emergency and the costs, time and resources that would be involved.
4. Outsourcing often leads to the sharing of facilities operated by the service provider. Company will ensure that service providers are able to isolate Company’s information, documents, records and other assets. This is to ensure that in adverse conditions, all documents, records of transactions and information given to the service provider, and assets of Company, can be removed from the possession of the service provider in order to continue its business operations, or deleted, destroyed or rendered unusable.

d) Monitoring and Control of Outsourced Activities

1. Company will have in place, a management structure to monitor and control its outsourcing activities. It should ensure that outsourcing agreements with the service provider contain provisions to address their monitoring and control of outsourced activities.
2. A central record of all material outsourcing that is readily accessible for review by the Board and senior management of Company will be maintained. The records will be updated promptly and half yearly reviews should be placed before the Board or Risk Management Committee.
3. Regular audits by either the internal auditors or external auditors of Company will assess the adequacy of the risk management practices adopted in overseeing and managing the outsourcing arrangement, Company’s compliance with its risk management framework and the requirements of RBI Directions.
4. Company will, at least on an annual basis, review the financial and operational condition of the service provider to assess its ability to continue to meet its outsourcing obligations. Such due diligence reviews, which can be based on all available information about the service provider should highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity preparedness.
5. In the event of termination of outsourcing agreement for any reason in cases where service provider deals with the customers, the same will be publicized by displaying at a prominent place in the branch, posting it on the website and informing the customers so as to ensure that the customers do not continue to entertain or deal with the service provider.
6. Certain cases, like outsourcing of cash management, might involve reconciliation of transactions between Company, the service provider and its sub-contractors. In such cases, Company will ensure that reconciliation of transaction between Company and the service provider (and / or its sub-contract) are carried out in a timely manner. An ageing analysis of entries pending reconciliation with outsourced vendors will be placed before the Audit Committee of the Board (“ACB”) / Outsourcing & Procurement Committee and Company will make efforts to reduce the old outstanding items therein at the earliest.
7. A robust system of internal audit of all outsourced activities will also be put in place and monitored by the ACB / Outsourcing & Procurement Committee of Company.

e) Redressal of Grievances related to Outsourced Services

1. Company has constituted a Grievance Redressal Machinery as contained in RBI’s circular on Grievance Redressal Mechanism vide DNBS.CC.PD.No.320/03.10.01/2012-13 dated February 18, 2013. At the operational level, Company has displayed the name and contact details (telephone/mobile numbers and email address) of the Grievance Redressal Officer prominently at their branches / places where business is transacted. The designated officer ensures that genuine grievances of customers are redressed promptly without involving delay including the issues relating to services provided by outsourced agency.
2. Generally, a time limit of 30 days may be given to the customers for preferring their complaints/grievances. The grievance redressal procedure of Company and the time frame fixed for responding to the complaints will be placed on Company’s website.

f) Reporting of Transactions to FIU or other Competent Authorities

The company is responsible for making Currency Transactions Reports and Suspicious Transactions Reports to FIU or any other competent authority in respect of Company’s customer related activities carried out by the service providers.

‍

4. Outsourcing within a Group / Conglomerate

1. In a group structure, Company may have back-office and service arrangements / agreements with group entities e.g. sharing of premises, legal and other professional services, hardware and software applications, centralize back-office functions, outsourcing certain financial services to other group entities, etc. Before entering into such arrangements with group entities, Company will frame a Board approved policy and also service level agreements / arrangements with its group entities, which also covers demarcation of sharing resources i.e. premises, personnel, etc. Moreover, the customers will be informed specifically about the company which is actually offering the product / service, wherever there are multiple group entities involved or any cross selling observed.
2. While entering into such arrangements, Company will ensure that these:
   1. are appropriately documented in written agreements with details like scope of services, charges for the services and maintaining confidentiality of the customer's data;
   2. do not lead to any confusion to the customers on whose products/ services they are availing by clear physical demarcation of the space where the activities of Company and those of its other group entities are undertaken;
   3. do not compromise the ability to identify and manage risk of Company on a stand-alone basis;
   4. do not prevent RBI from being able to obtain information required for the supervision of Company or pertaining to the group as a whole; and
   5. incorporate a clause under the written agreements that there is a clear obligation for any service provider to comply with directions given by the RBI in relation to the activities of Company.

1. Company will ensure that its ability to carry out their operations in a sound fashion would not be affected if premises or other services (such as IT systems, support staff) provided by the group entities become unavailable.
2. If the premises of Company are shared with the group entities for the purpose of cross-selling, Company will take measures to ensure that the entity’s identification is distinctly visible and clear to the customers. The marketing brochure used by the group entity and verbal communication by its staff / agent in Company’s premises will mention nature of arrangement of the entity with Company so that the customers are clear on the seller of the product.
3. Company will not publish any advertisement or enter into any agreement stating or suggesting or giving tacit impression that they are in any way responsible for the obligations of its group entities.
4. The risk management practices expected to be adopted by Company while outsourcing to a related party (i.e. party within the Group / Conglomerate) would be identical to those specified in Clause 3 of this Policy.

‍

5. Off-Shore Outsourcing of Financial Services

1. The engagement of service providers in a foreign country exposes Company to country risk -economic, social and political conditions and events in a foreign country that may adversely affect Company. Such conditions and events could prevent the service provider from carrying out the terms of its agreement with Company. To manage the country risk involved in such outsourcing activities, Company will take into account and closely monitor government policies and political, social, economic and legal conditions in countries where the service provider is based, both during the risk assessment process and on a continuous basis, and establish sound procedures for dealing with country risk problems. This includes having appropriate contingency and exit strategies. In principle, arrangements will only be entered into with parties operating in jurisdictions generally upholding confidentiality clauses and agreements. The governing law of the arrangement will also be clearly specified.
2. The activities outsourced outside India will be conducted in a manner so as not to hinder efforts to supervise or reconstruct the India activities of Company in a timely manner.
3. As regards the off-shore outsourcing of financial services relating to Indian operations, Company will additionally ensure that:

(a) where the off-shore service provider is a regulated entity, the relevant off-shore regulator will neither obstruct the arrangement nor object to RBI inspection visits / visits of Company’s internal and external auditors;

(b) the availability of records to management and the RBI will withstand the liquidation of either the offshore custodian or Company in India;

(c) the regulatory authority of the offshore location does not have access to the data relating to Indian operations of Company simply on the ground that the processing is being undertaken there (not applicable if off shore processing is done in the Company’s home country);

(d) the jurisdiction of the courts in the off-shore location where data is maintained does not extend to the operations of Company in India on the strength of the fact that the data is being processed there even though the actual transactions are undertaken in India; and

(e) all original records continue to be maintained in India.

‍

6. Confidentiality and Security

1. Public confidence and customer trust in Company is a prerequisite for the stability and reputation of Company. Hence, Company seeks to ensure the preservation and protection of the security and confidentiality of customer information in the custody or possession of the service provider.
2. Access to customer information by staff of the service provider should be on ‘need to know’ basis, i.e. limited to those areas where the information is required in order to perform the outsourced function.
3. Company will ensure that the service provider is able to isolate and clearly identify Company’s customer information, documents, records and assets to protect the confidentiality of the information. In instances, where service provider acts as an outsourcing agent for multiple companies, care should be taken to build strong safeguards so that there is no co-mingling of information / documents, records and assets.
4. Company will review and monitor the security practices and control processes of the service provider on a regular basis and require the service provider to disclose security breaches.
5. Company will immediately notify RBI in the event of any breach of security and leakage of confidential customer related information. In these eventualities, Company would be liable to its customers for any damage.

‍

7. Company’s Role and Regulatory and Supervisory Requirements

1. The outsourcing of any activity by Company does not diminish its obligations, and those of its Board and senior management, who have the ultimate responsibility for the outsourced activity. Company is, therefore, be responsible for the actions of its service provider including Direct Sales Agents (“DSA”) / Direct Marketing Agents (“DMA”) and Recovery Agents and the confidentiality of information pertaining to the customers that is available with the service provider. Company retains ultimate control of the outsourced activity.
2. Company will, when performing its due diligence in relation to outsourcing, consider all relevant laws, regulations, guidelines and conditions of approval, licensing or registration.
3. Outsourcing arrangements will not affect the rights of a customer against Company, including the ability of the customer to obtain redress as applicable under relevant laws. Since the customers may be required to deal with the service providers in the process of dealing with Company, Company will incorporate a clause in the product literature / brochures etc., stating that they may use the services of agents in sales / marketing etc. of the products. The role of agents may be indicated in broad terms.
4. Outsourcing, whether the service provider is located in India or abroad, should not impede or interfere with the ability of Company to effectively oversee and manage its activities nor should it impede RBI in carrying out its supervisory functions and objectives.
5. Company will provide a robust grievance redressal mechanism, which in no way will be compromised on account of outsourcing.
6. The service provider, if it is not a group company of Company, will not be owned or controlled by any director or officer/employee of Company or their relatives; these terms have the same meaning as assigned under Companies Act, 2013.

‍

8. Record Keeping

The Company will maintain all records, documents and other papers relating to outsourcing for a period of 8 years.

‍

9. Policy Review and Updates

This Policy is intended to continue to evolve over time with business changes. The Policy should at least be reviewed on an annual basis by the Outsourcing and Procurement Committee.

(i) Drafted on behalf of the Company by: Mr. Nagaraj Subrahmanya, CRO

(ii) Internally reviewed by: Mr. Manish Thakkar, COO

(iii) Approved by the Board of the Company on: October 30, 2017, Revision 1 on: March 13, 2023, Revision 2 on: November 12, 2024.

‍

10. Regulatory References

This Policy is framed according the following regulatory references:

1. Annexure XIII, Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs under Master Direction- Reserve Bank of India (Non-Banking Financial Company- Scale Based Regulation) Directions, 2023

‍

11. Annexure

Annexure 1:

Materiality of Outsourcing

The risk and materiality of any outsourcing arrangement will be identified and evaluated prior to entering into any outsourcing arrangement by the unit. The extent and degree to which this Policy is implemented is expected to be commensurate with the materiality of the outsourcing.

The Company will without limitation consider the following factors while assessing materiality of any outsourcing arrangement:

1. Level of importance of the business activity to be outsourced,
2. Potential impact of the outsourcing on the earnings, solvency, liquidity, funding capital and risk profile of the Company,
3. Cost of outsourcing as a proportion of total operating costs of the Business/Unit,
4. Nature and extent of data sharing involved, impact on data privacy and security,
5. Aggregate exposure to a particular service provider, in case where various functions are outsourced to the same service provider.

Governance for Material Outsourcing Activities

If the activity to be outsourced is rated as material as per the materiality assessment template, the following additional measures should be adhered to:

1. The outsourced service provider shortlisted outsourcing of activity must fulfil an additional requirement of having prior experience of providing a similar service in another organization for at least 12 months with a good feedback rating,
2. The Outsourcing and Procurement Committee may recommend a more frequent performance review of the service provider.

‍

Materiality Assessment Template

[AKA Note: Avanti to confirm.]

Name of the activity:

Description of the Activity:  

Proposer of Outsourcing Arrangement:  

Date of Assessment:

‍

Remarks: The activity would be termed as material if either

a) The number of rows marked under the “YES” column is 5 or more,

                                                  OR

b) Answer to either points 12 or 13 is marked as “YES”

(Positive answer to points 12 or 13 would override the scoring requirements)

Annexure 2:

List of Activities not to be outsourced

Core management functions including Internal Audit, Compliance functions and decision making functions like determining compliance with Know Your Customer (KYC) norms for account opening will not be outsourced.

Additions or deletions to the list of activities that cannot be outsourced needs to be approved by the Outsourcing and Procurement Committee.

Illustrations of activities currently outsourced / may be outsourced by the Company include:

1. Customer creation and Loan Processing
2. Quality check
3. Storage and Management
4. Scanning of documents by outsourced employees on company’s premises;

1. Scope / Purpose of the Policy

The purpose of this information security policy (“Policy”) is to safeguard information belonging to the Avanti Finance Private Limited (“Company”) and its stakeholders (third parties, clients or customers and the general public), within a secure environment.

This Policy informs the Company’s employees, contractors, and other individuals that are entrusted with any information related to the business, of the principles governing the holding, use and disposal of information.

For the sake of clarity, the term “information” relates to:

(i) Electronic information systems (software, computers, and peripherals) owned by the Company whether deployed or accessed on or off campus.

(ii) The Company computer network used either directly or indirectly.

(iii) Hardware, software and data owned by the Company.

(iv) Paper-based materials.

(v) Electronic recording devices (video, audio, CCTV systems).

‍

2. Key Objectives

(i) Information will be protected against unauthorised access or misuse.

(ii) Confidentiality of information will be secured.

(iii) Integrity of information will be maintained.

(iv) Availability of information / information systems is maintained for service delivery.

(v) Business continuity planning processes will be maintained.

(vi) Regulatory, contractual and legal requirements will be complied with.

(vii) Physical, logical, environmental and communications security will be maintained.

(viii) Violation of this Policy may result in disciplinary action or criminal prosecution.

(ix) When information is no longer of use, it is disposed of in a suitable manner.

(x) All information security incidents will be reported to the information security manager (a leadership role that may be titled and designated based on the needs of the Company) and investigated through the appropriate management channel.

‍

3. The Policy

The Company requires all users to exercise a duty of care in relation to the operation and use of its information systems, irrespective of form or media.

‍

3.1 Authorised users of information systems

With the exception of information published for public consumption, all users of the Company’s information systems must be formally authorised by appointment as an employee, contractor, or by other processes of non- disclosure specifically authorised by the person authorised to manage information security. Authorised users will be in possession of a unique user identity. Any password associated with a user identity must not be disclosed to any other person.

Authorised users will pay due care and attention to protect Company’s information in their personal possession. Confidential, personal or private information must not be copied or transported without consideration of:

(i) permission of the information owner.

(ii) the risks associated with loss or falling into the wrong hands.

(iii) how the information will be secured during transport and at its destination.

3.2 Acceptable use of information systems

Use of the Company’s information systems by authorised users will be lawful, honest and decent and shall have regard to the rights and sensitivities of other people.

3.3 Information System Owners

Authorised officers, who are responsible for information systems are required to ensure that:

(i) Systems are adequately protected from unauthorised access.

(ii) Systems are secured against theft and damage to a level that is cost- effective.

(iii) Adequate steps are taken to ensure the availability of the information system, commensurate with its importance (Business Continuity).

(iv) Electronic data can be recovered in the event of loss of the primary source i.e. failure or loss of a computer system. It is incumbent on all system owners to backup data and to be able to restore data to a level commensurate with its importance (Disaster Recovery).

(v) Data is maintained with a high degree of accuracy.

(vi) Systems are used for their intended purpose and that procedures are in place to rectify discovered or notified misuse.

(vii) Any electronic access logs are only retained for a justifiable period to ensure compliance with the data protection, investigatory powers and other relevant acts concerning information and privacy.

(viii) Any third parties entrusted with Company data understand their responsibilities with respect to maintaining its security.

3.4 Personal Information

Authorised users of information systems are not given rights of privacy in relation to their use of Company information systems. Duly authorised officers of the Company may access or monitor personal data contained in any Company information system (mailboxes, web access logs, file-store etc.).

3.5 Individuals in breach of this Policy are subject to disciplinary procedures (employee, contractor or third party) at the instigation of the officer with responsibility for the relevant information system, including referral to the Police where appropriate.

The Company will take legal action to ensure that its information systems are not used by unauthorised persons.

‍

4. Information Security Organisation Structure

The information security organisation of the Company constitutes an Information Security Committee, the composition and responsibility of which is mentioned under the Information Security Committee Charter of the Company.

‍

5. Penal Action

Company’s disciplinary protocols are based on the severity of the violation. Unintentional violations only warrant a verbal warning, repeat violations (either intentional or unintentional) of the same nature can lead to a written warning, and intentional violations can lead to suspension and/or termination, depending on the circumstances of the case, initiation of criminal proceedings or seek any other remedy as available under the applicable law against the violator(s).

‍

6. Continual improvement

We encourage feedback from all stakeholders—employees, customers, partners regarding our information security practices. Our organisation is committed to regular internal and independent reviews to strengthen the systems and achieve continual improvement.

‍

7. Review

CISO shall be responsible for an annual review of the compliance with this Policy and the applicable laws and regulations.

‍

8. Ownership and Responsibility

8.1 The information security manager has direct responsibility for maintaining this Policy and providing guidance and advice on its implementation.

Information system owners are responsible for the implementation of this Policy within their area, and to ensure adherence.

‍

9. Regulatory Reference

This Policy is framed as per the following regulatory references and in accordance with leading industry practice: Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, 2023.

Anti Child Labour And Forced Labour Policy

‍

1. INTRODUCTION

1.1 Avanti Finance Private Limited (hereinafter referred to as “the Company” or “we”), a NonBanking Financial Company (“NBFC”) registered with the Reserve Bank of India, is deeply committed to improving and strengthening the economic status of disadvantaged communities by rendering financial support through its products and services for small businesses across sectors.

1.2 The protection of human rights and fundamental freedoms is a top priority for the Company - a commitment which is codified and enforced through the Company's own Code of Conduct(accessible at: https://avantifinance.in/policies/ (“Code”) and its Environment and Social Governance Policy) (“ESG Policy”).

1.3 The Company acknowledges and condemns the unfortunate and disturbing reality of globaltrade and business, where many vulnerable children and adults, denied of their basic rights and opportunities, are exploited as labour due to ignorance, poverty, irregular income streams for family, economic shocks, lack of access to social security, education, health facilities, food security etc.

1.4 The Company does not engage in or tolerate any forms of child labour or forced labour.  Through this Child Labour and Forced Labour Policy (“Policy”), the Company affirms its commitment to eliminate child labour and forced labour from all its business-to-business (“B2B”) relationships at the institutional level i.e., with another company or a self-help group or trust or society to whom we extend institutional loans (hereinafter referred to as “Institutional Entities”).

‍

2. OBJECTIVES OF POLICY

2.1 This Policy has been designed to:

a) codify a prohibition of both child labour and forced labour;

b) provide an operative framework for addressing instances where child labour or forced labour is identified; and

c) lay down strategies for its prevention.

‍

3. RELATIONSHIP BETWEEN POLICY AND THE COMPANY’S ESG

3.1 The Company is committed to compliance with its ESG Policy which sets out the guidelines for environmental stewardship, social risk due diligence and mitigation based on internationally recognised standards.

3.2 The purpose of this Policy is to address the issue of child labour and forced labour with greater depth and rigour than in the ESG Policy. This Policy provides the background information and is to be read and operationalised in conjunction with the ESG Policy.

‍

4. SCOPE

4.1 This Policy applies to Company’s dealings at the B2B level while lending to Institutional Entities. The Company expects Institutional Entities to internalise similar standards to address instances of child and forced labour in the conduct of their business.

‍

5. CHILD LABOUR

5.1 Child Labour defined

5.1.1. Child Labour is all work that deprives children of their childhood, their potential and their dignity and is harmful to their physical and mental development. In keeping with the International Labour Organisation (“ILO”) standards, the Company defines child labour as:

1. Work that is mentally, physically, socially or morally dangerous and harmful;
2. Work that fails to take into account compulsory schooling;
3. Work that prevents children from attending school;
4. Work that makes it necessary for children to leave school prematurely; or
5. Work that requires children to combine school attendance with long and heavy work.

5.1.2. The worst forms of child labour involve enslavement, separation of children from their families and exposure to hazardous conditions.

5.2 Distinction based on Hazardous Work

Under applicable Indian law, engagement of child labour and/or adolescent labour in hazardous occupations or processes is banned. Accordingly, Company will not tolerate and/or encourage such engagement under any circumstances.

5.3 Distinction between Child Labour and Young Worker

5.3.1  In keeping with Indian law and internationally recognised standards, the Company makes a distinction between child labour and young workers or adolescents.

5.3.2  Applicable law in India defines an ‘adolescent’ to be a person between the ages of 14 (fourteen) to 18 (eighteen) years and permits employment of adolescent labour except in certain specified hazardous processes or occupations such as mines, inflammable substances, coal industries and such other occupations as may be notified under the applicable law. In keeping with ILO Convention 138, the Company is of the view that employment of children who are under 15 years of age and have not completed compulsory schooling shall not be allowed to work.

5.3.3  At the outset, it is pertinent to clarify that the Company only employs qualified and specialised professionals for undertaking the work as an NBFC, therefore, the question of employing children or adolescents does not arise. However, this may not be the case with many other stakeholders and partners across the Company’s value chain, particularly those at the grassroot level involved in mobilising the poor and vulnerable communities or seeking financial support from the Company for their small businesses. Further under Indian law, adolescents are permitted to work in occupations or processes that are demonstrably non-hazardous in nature. Accordingly, Company may engage with stakeholder that employs or engages adolescents in such non-hazardous occupations / processes. However, such stakeholder engagement should be undertaken upon prior assessment of the nature of the activities employing / engaging adolescents on a case to case basis.

5.4 Prohibition of Child Labour

5.4.1. The Company is an ethically driven organisation that accepts the responsibility for setting standards for itself and Institutional Entities to achieve the minimum level of protection available asper applicable law. The ESG Policy provides the basis for all B2Bcollaboration, wherein Institutional Entities are expected to adhere to similar standards in the conduct of their business or operations. Accordingly:

a. the minimum age for recruitment for all levels of employees at the Company shall be 18years and above.

b. in exceptional circumstances and in accordance with applicable law and subject to Clause 5.3.3 above, the Company may permit Institutional Entities to employ adolescents or young workers.

The Company will implement reliable control mechanisms at the level of hiring procedures to prevent child labour. Accordingly, the Company will require that Institutional Entities also put in place similar effective controls. In relation to the same, Institutional Entities shall be required to provide a self-declaration in the format as provided in Annexure A of this Policy.

5.5 Addressing instances of Child Labour

5.5.1  If there are any cases of violation concerning issues related to child labour, such cases shall be investigated, and suitable remedial action shall be initiated including in accordance with applicable law. In order to ensure the well-being of the child in such cases, the Company will require compliance with the minimum conditions set forth below:

a. The child must cease work immediately.  

b. The employer must provide the child with appropriate compensation for the loss of employment.  

c. The employer must safeguard and promote the welfare of the child, which will include, for example, verification of continuation of compulsory schooling and financial assistance for the family of the respective child.

5.5.2  The Company shall strive to put in place mechanisms to monitor the implementation of these measures in its dealings with Institutional Entities which would be tailored in reference to the type of financial product being availed and the industrial sector in which the Institutional Entity operates. For example, Institutional Entities may be required to provide Company with a

declaration confirming their compliance with the norms against child labour in the format as mentioned in Annexure A of this Policy to be obtained during onboarding and at the time of annual renewal.

5.5.3  The Company reserves the right to verify on site the implementation of such actions by Institutional Entities, as necessary. Appropriate obligations underscoring this requirement shall be incorporated in Company’s agreements with Institutional Entities. In the event any Institutional Entity refuses to cooperate and/or fails to remedy the situation, the Company reserves the right to terminate the business relationship as a last resort.

‍

6. FORCED LABOUR

6.1 Forced Labour defined

In line with international standards set by ILO, the Company understands forced labour to beany work or service, which is performed involuntarily under threat of penalty. The Company will not tolerate or condone any form of forced labour, bonded labour, modern slavery or human trafficking (collectively referred to as “forced labour”).

6.2 Prohibition of Forced Labour

6.2.1  Through compliance with the Code, the ESG Policy and Bonded Labour System (Abolition) Act,

1976 (“BLSA”), the Company takes a firm and active stand against all forms of forced labour.

6.2.2  The Company prohibits the use of forced labour and expects the same of the Institutional Entities. The freedom of workers may not be restricted and must be ensured at all times. At the minimum, the following standards must be complied with:

6.2.1  In the event any Institutional Entity refuses to cooperate and/or fails to remedy the situation, the Company reserves the right to terminate the business relationship as a last resort.

‍

7. POINT OF CONTACT FOR ISSUES INVOLVING CHILDLABOUR AND FORCED LABOUR

7.1     Any questions on this Policy or on the subject of child labour and forced labour ingeneral may be directed to the Chief Risk Officer of the Company. Chief Risk Officer shall be responsible for the implementation of the Policy.

‍

8. POLICY REVIEW ANDUPDATES  

This document shall be reviewed by the COO, and shall be reviewed at least once a year.  Reviews shall also account for any significant business changes and/or any regulatory requirements.

This Policy was:

I. Drafted on behalf of the Company by: Mr Nagaraj Subrahmanya, CRO

II. Internally reviewed by: Mr Manish Thakkar, COO

III. Approved bythe Board of the Company on: February 03, 2021, Revision 1 on: October 31, 2023,Revision 3 on: December 19, 2024

‍

Annexure A

(To be on the letterhead of the Institutional Entity)

Ref: [•]

Date: [•]  

To:

Avanti Finance Private Limited  

#2727, 2nd Floor,

1st Main Road, HAL3rd Stage,

Ward No. 58 (OldNo. 83),

New Thippasandra, Bangalore,

Bangalore North, Karnataka, India, 560075

Sub: Declaration in relation to required compliances for the purposes of availing loan from Avanti Finance Private Limited.

Dear Sir's

Please refer to loan application dated wherein we seek to avail a loan of amount (“Loan”). In pursuance of the same, and as required by Avanti Finance Private Limited, we hereby declare the following statements to be true and correct:

1. Before grant of employment, we verify the age of the applicants by requiring them to present valid identification issued by Central Government, State Government or other relevant authority prior to employment. Such documents may include birth certificates, school records, etc.;

2. At the time of grant of employment, we have retained a copy of such verified documents in the personnel file of the employee for the entire period of employment; and

3. Under no circumstances shall any adolescent/young worker’s school, work, and transportation time exceed a combined total of 10 hours per day, and in no case shall young workers work more than 8 hours a day. Young workers or adolescents may not work during night hours and shall be entitled to all benefits and pay on the principle of ‘equal pay for equal work’ as an adult worker.

We understand and agree that if at any point of time any of the statements above that are represented to be true becomes untrue during the period the Loan remains outstanding, Avanti Finance Private Limited shall be entitled to terminate the Loan Agreement and immediately recall the loan amount.

Yours faithfully,

For [Insert Name of Institutional Entity]

Authorised Signatory

Environment and Social Governance Policy

‍

1. SCOPE AND PURPOSE OF THIS POLICY

1.1 In this Environment and Social Governance Policy (“ESG Policy”), “we” or “us” or “our” means Avanti Finance Private Limited (“Company”), and includes its executive directors, officers, employees , as the context may require.

1.2 Please refer to our Code of Conduct (accessible at: <https://www.avantifinance.in/policies#avanti-finance-code-of-conduct-policy> ) (“Code”), where we have outlined our broad commitment to upholding certain environment and social standards as responsible individuals as well as a responsible corporate person. This includes the commitment to (i) integrate environmental and social principles in our business; (ii) engage with the community and other stakeholders to minimise adverse impact on environment; and (iii) prevent the wasteful use of natural resources particularly with regard to the emission of greenhouse gases, consumption of water and energy, and the management of waste and hazardous materials.

1.3 This ESG Policy has been framed and adopted by us in line with our commitments under the Code and applies to all our business-to-business (“B2B”) relationships at the institutional level i.e., with another company or a self-help group or trust or society to whom we extend institutional loans (hereinafter referred to as “Institutional Entities”). This ESG Policy delineates various measures that we shall endeavour to take in operationalising our commitment.

‍

2. IDENTIFICATION OF ENVIRONMENTAL AND SOCIAL RISKS

2.1 Environmental and social risks (“ES risks”) can be understood as given below:

2.1.1 Environmental risks may include:

(i) Pollution (for example: contamination of air, land or water);

(ii) Deforestation;

(iii) Loss of biodiversity and natural habitats;

(iv) Greenhouse gas emissions and climate change impacts; and/or

(v) Depletion of natural resources.

2.1.2 Social risks may include:

(i) Child labour;

(ii) Occupational health and safety;

(iii) Working conditions;

(iv) Potential threats to livelihood of indigenous communities;

(v) Forced and compulsory labour; and/or

(vi) Community health, safety and security.

2.2 Key Performance Indicators (KPIs) adopted by Company for ES risks are provided below:

2.2.1 KPIs for environmental risks:

(i) Energy Consumption: The Company monitors the usage of the energy in its office spaces and focuses on minimizing its energy footprint. Company invests in energy efficient appliances, lighting, office utilities and other renewable sources to promote sustainability.

(ii) Waste Management: Company manages its waste reduction, ensure proper disposal and is constantly driving towards zero-waste. As part of this effort, Company also seeks to become 100% paperless and moving towards digitizing documents with its partners, borrowers and other stakeholders to minimize environmental impact.

(iii) Biodiversity Preservation: On a consistent basis, Company organizes plantation drives, and workshops to educate its employees on the imprtance of biodiversity and environmental preservation, fostering awareness and active participation in ecological conservation.

2.2.2 KPIs for social risks:

(i) Diversity and Inclusion: Company values diversity in the workplace and strives to create an inclusive environment where all employees, regardless of background, can thrive. It fosters equal opportunities and encourages representation across various demographic groups.

(ii) Health and Safety Measures: Company is committed to maintaining high safety standards, reducing workplace hazards, and promoting the well-being of employees through proactive health and safety initiatives.

(iii) Training and Development: Company invests in the continuous growth and professional development of its employees. Through regular training programs and workshops, Company equips its taskforce with the necessary skills and knowledge to contribute effectively to the Company.

(iv) Community Engagement: Company encourages its employees to participate in team-bonding activities, exchange opinions and foster positive relationships.

2.3 Please refer to our risk management policy (“Risk Management Policy”), which outlines the framework to identify various risks and manage them in line with the objectives of the Company (Strategic, Operations, Compliance and Reporting). In this respect, we acknowledge and understand that ES risks may also contribute as factors of risk and may affect all or any of the objectives of the Company. Accordingly, we strive to put in place a mechanism to identify, assess and respond to ES risks in our B2B relationships with Institutional Entities in accordance with our established framework as mentioned in this Policy.

2.4 Such mechanism shall be designed with due regard including to:

(i) Our business model;

(ii) Types of financial services offered by us (taking into account the duration, amounts involved; the purpose of the seeking finance, and the corporate value chain of the Institutional Entity);

(iii) Industry sectors of our portfolio and that of Institutional Entity;

(iv) Types of ES risks related to the portfolio and the potential to cause adverse impacts;

(v) Specific geographic extent of applicant’s proposed business activities;

(vi) Applicable industry initiatives and legal frameworks; and/or

(vii) Cultural aspects (internal and external).

‍

3. ROLES AND RESPONSIBILITIES

3.1 Please refer to our Risk Management Policy (“Risk Policy”), which lays down the governance structure in relation to risk management and assigns certain tasks inter alia for assessment, management, reporting and implementation of risks to a specific department of the Company (“Risk Management Committee”).

3.2 Accordingly, the Risk Management Committee of the Company shall be responsible for evolving appropriate parameters for ES risk identification, assessment, and mitigation strategies in line with this ESG Policy. The Risk Management Committee is composed of elected or nominated Board members, CEO of the Company, heads of various verticals including Chief Risk Officer as well as other personnel as required and ratified by the Board.

3.3 Some of the key factors for consideration of the Risk Management Committee in this regard include:

‍

3.4 Risk Management Committee shall undertake an annual internal assessment of the responsiveness of this ESG Policy with reference to relevant sectors in which Company undertakes its financial activities.

‍

4. GOVERNING PRINCIPLES

4.1 We recognise that social and environment factors have a direct bearing on the growth of our Company and the society at large. Accordingly, Company will conduct its business and operations in compliance with all relevant and applicable laws in the country including those concerning the environment, labour, occupational health, and safety regulations.

4.2 Through our financing activities with Institutional Entities, we undertake to pay specific attention to supporting sustainable livelihoods; inclusive and equitable human development; and social development.

4.3 The ES risk assessment of and by Institutional Entities shall be based on the type of product and services deployed by us. For example, the B2B risk assessment shall be sector-specific and customised to suit agricultural loans, project finance and equity transactions, MSME lending and transactions in sensitive sectors like mining, power, oil and gas etc.

4.4 We recognise that environment health and safety is an important and integral component of the broader ESG Policy. We are committed to providing a safe and healthy working environment and comply with all regulations for the preservation of the environment. We shall strive for a safe and healthy environment that shall be free from occupational injury and disease. We shall also pursue high standards of safety, health and environmental management as an integral part of efficient management of our business.

4.5 We recognise that we are in a unique position to actively engage with our various stakeholders including our employees, partners and vendors to develop their needs, interests and expectations and align these with the broader environmental and social concerns associated with their activities. We shall endeavour to communicate and disseminate this ESG Policy including the due diligence process as recommended below to all partner Institutional Entities.

‍

5. ES DUE DILIGENCE FRAMEWORK

5.1 This ESG Policy has been designed to guide us in adhering to environmental, social, and governance norms consistent with the values of Company as referenced in the Code. Accordingly, we shall strive to integrate our risk assessment framework with specific ES risk identification and mitigation measures in our dealings with Institutional Entities. The responsibility to carry out such measures will rest on the Partnerships Team or such other team that is put in place for the same.

5.2 We may choose to interact directly with the Institutional Entity or through our partners. The term “partner” in this ESG Policy means and includes our authorised representatives and/or third-party agents appointed by us for assistance in undertaking our business activities with Institutional Entities. Accordingly, we shall strive to leverage the use of our partners to monitor in general the application of our internal assessment framework.

5.3 Partner shall procure a self-declaration from the Institutional Entities in the format as provided under Annexure A of this Policy and provide confirmation to the effect that the Institutional Entity is not engaged in activities that violate applicable laws pertaining to the environment.

5.4 The Partnerships Team shall conduct due diligence on the following aspects:

5.4.1 Applicant Diligence: Prospective Institutional Entities who seek to avail the financial products offered by us shall be screened to ensure that they are not found to be grossly non-compliant with our ESG Policy, relevant national and state-specific laws and such other regulations as may be applicable in the instant case.

5.4.2 Loan Application: Scrutinise every loan application received from our existing and/or prospective Institutional Entities to identify environment, social or labour risk. This shall be in addition to the principles that are more specifically outlined in our Credit Risk Policy.

5.4.3 Purpose of Loan: It shall ensure that the end-use of our loan products to such Institutional Entities does not conflict with any relevant and applicable laws in India concerning environmental, occupational health and safety regulations. In particular, we shall strive to work with our field partners and help them report to us in case the loan availed from us is being used for non-compliant purposes. In such cases, Company shall be entitled to, subject to the loan agreement with the Institutional Entity, cancel or recall the loan and apply any proceeds to mitigate any proven damage to the environment.

5.4.4 Loan Agreements: In case its assessment points towards specific ES risks in respect of a particular Institutional Entity or a class of Institutional Entities, the Partnerships Team shall ensure that the respective loan agreements enumerate relevant clauses on applicable environmental and/or labour laws whereby obligations to mitigate such risks is made part of the loan agreement.

5.4.5 Partner / Vendor Diligence: At the stage of onboarding, Partnerships Team will verify that the proposed partner is not grossly non-compliant with our ESG Policy, relevant national and state-specific laws, social and labour laws, and such other regulations as may be applicable in the instant case.

5.4.6 Partner / Vendor Agreements: We shall ensure that our agreements with partners shall enumerate relevant clauses on applicable environmental and/or labour laws.

5.5 Monitoring and Reporting: To the extent reasonably possible, we shall require our partners to assess whether the spirit of this ESG Policy is being observed. Such assessment may take several forms including documenting pre-disbursal undertakings from the Institutional Entities; post-disbursal inspection of relevant premises or locations to ascertain that any financing availed from us continues to be deployed for activities in line with this ESG Policy; and preparing periodic reports of these and other ancillary matters for our further review.

5.6 Exclusion List: Company shall not knowingly lend or offer any financial products to applicants engaged in the following activities:

(i) Production or trade in any product or activity deemed illegal under host country laws or regulations or/and international conventions and agreements, including production or trade in pharmaceuticals, pesticides / herbicides and ozone-depleting substances , subject to international phase-out or ban.

(ii) Production or activities involving harmful or exploitative forms of forced labour  / harmful child labour .

(iii) Production or trade of equipment (including, but not limited to, nuclear products, weapons and munitions), designed or designated for military purpose.

(iv) Any business relating to pornography or prostitution.

(v) Any entity that has been subject to corruption, bribery or money laundering, unless there is a proof of a structural change within the entity leading to fundamental behavioural changes.

(vi) Any entity for whom it is the main activity, i.e. more than 5% of total revenue, or any financial institution with more than 5% of gross loan portfolio or 5% of deposits (all below-mentioned sectors cumulated) in production or wholesale trade of the following:

(a) Distilled alcoholic beverages;

(b) Tobacco;

(c) Gambling, casinos and equivalent enterprises;

(d) Mining and mineral processing;

(e) Trade in wildlife or wildlife products regulated under CITES  or sourced from areas with prevalent risk of illegalities as regards trade in wildlife or wildlife products.

(vii) Production or activities that impinge on the lands owned, or claimed under adjudication, by indigenous peoples, without fully documented consent of such peoples.

(viii) Significant conversion or degradation  of Critical Habitat .

(ix) Racist and anti- democratic media.

(x) Alteration, damage or removal of any critical cultural heritage .

(xi) Engaged in controversial fishing techniques (such as trawls, drifts nets, shark-finning, ghost fishing, disrespecting no-take zones, methods destroying or damaging seafloor habitats where fishes and other seafloor animals reside, and methods known to catch large amounts of bycatch).

(xii) Commercial logging operations or the purchase of logging equipment for use in a natural forest.

(xiii) Production or trade in wood or other forestry products from primary forests, unless they are certified by one of the four main certification schemes .

(xiv) GMO related activities in any link of the agricultural value chain if these activities exceed 5% of total revenue, unless:

(a) In the market where the projects operate there is no viable alternative (e.g. in markets where only GMO seeds are available);

(b) Large groups or communities derive their livelihood from GMO-related agriculture.

(xv) Production or trade in nuclear power and radioactive materials .

(xvi) Production or trade in or use of unbounded asbestos fibers.

(xvii) Production or trade in products containing PCBs .

(xviii) Production, trade, storage, or transport of significant volumes of hazardous chemicals, or commercial-scale usage of hazardous chemicals.

(xix) Cross-border trade in waste and waste products unless compliant with the relevant international agreements on trade in chemicals and chemical waste  and the underlying regulations.

(xx) Finance or engage in any activity, production, use, distribution, business or trade involving:

(a) coal prospection, exploration, mining or processing;

(b) oil exploration or production;

(c) standalone fossil gas exploration and/or production ;

(d) transportation or and related infrastructure primarily  used for coal for power generation;

(e) crude oil pipelines;

(f) oil refineries;

(g) construction of new or refurbishment of any existing coal-fired power plant (including dual);

(h) construction of new or refurbishment of any existing HFO-only or diesel-only power plant producing energy for the public grid and leading to an increase of absolute CO2 emissions ;

(i) expansion of its infrastructure for the captive use of coal  used for power and/or heat generation.

5.7 Disposal of E-Waste: We are a financial institution that seeks to foster sustainability at scale through efficient finance. Towards this purpose, we strive towards a `less paper’ approach by employing a host of digital instruments and infrastructure to reduce the carbon footprint. At the same time, we acknowledge that more technology may also mean electronic waste which is generated when instruments and infrastructure become unfit for their originally intended use (“E-Waste”). Phones, tablets, computers, servers, mainframes, printers, scanners, copiers, calculators, and air conditioners are examples of E-Waste. To ensure proper disposal of such E-Waste, we shall adhere to the following:

(i) Dispose E-Waste as per E-waste (Management) Rules, 2022 and/or such other applicable laws;

(ii) Use the services of entities involved in E-Waste exchange; or

(iii) Make charitable donation to such social welfare institutions as deemed fit by Company.

‍

6. COMPLAINT REDRESSAL MECHANISM

6.1 It is the Company’s constant endeavour to put the interest of our stakeholders’ interest first and to provide with financial solutions that are right for them. In keeping with its promise, the Company looks forward to receiving both positive and negative feedback from the stakeholders on its products and services.

6.2 The grievances of the stakeholders will be redressed in the manner provided below:

(i) Stakeholders can register grievances through email id and toll-free number provided at the Company’s branches / Head Office / website and at any other place where the business of the Company is transacted.

(ii) After examining the matter, the Company will endeavour to send the stakeholder its response expeditiously and intimate the stakeholder how to escalate the complaint to higher level, if they are not satisfied with the response.

(iii) Stakeholders have to confirm whether the grievance has been resolved to their satisfaction or not. The grievance will be deemed to be closed, if Stakeholders do not respond via toll free number or email.

(iv) The Company shall also request the stakeholder to provide feedback on the services rendered. This can be done through direct contact by staff or through specific stakeholder satisfaction surveys that may be conducted from time to time.

(v) A periodical review of the above mechanism at various levels of management would be undertaken by the Company.

‍

7. POLICY REVIEW AND UPDATES

The implementation of ESG Policy shall be monitored and reviewed periodically by the Board of the Company.

‍

Annexure A

(To be provided on the letterhead of the Institutional Entity)

Ref: [•]

Date: [•]  

To:

Avanti Finance Private Limited #2727, 2nd Floor,

1st Main Road, HAL 3rd Stage,

Ward No. 58 (Old No. 83),

New Thippasandra, Bangalore,

Bangalore North, Karnataka, India, 560075

Sub: Declaration in relation to required compliances for the purposes of availing loan from Avanti Finance Private Limited.

Dear Sir's

Please refer to loan application dated_____wherein we seek to avail a loan of amount

_____(“Loan”). In pursuance of the same, and as required by Avanti Finance Private Limited, we hereby declare the following statements to be true and correct:

1. We are in material compliance with all applicable laws in relation to the environment, health and safety;

2. We have obtained all applicable consents, approvals, authorisations including applicable No- Objection Certificates from relevant Central, State and local authorities with respect to air emissions, discharges to surface water or ground water, noise emissions, solid or liquid waste disposal, the use, generation, storage, transportation, or disposal of toxic or hazardous substances or wastes, or other environment, health and safety matters; and

3. We have received no complaint or claim from any person or third-party seeking damages, indemnification, cost recovery, compensation, or injunctive relief in respect of the above matters.

We understand and agree that if at any point of time any of the statements above that are represented to be true becomes untrue during the period the Loan remains outstanding, Avanti Finance Private Limited shall be entitled to terminate the Loan Agreement and immediately recall the loan amount.

Yours faithfully,

For [Insert Name of Institutional Entity]

Authorised Signatory

Members of the Committee:

Chief Risk Officer (CRO), Chief Information Security Officer (CISO), Chief Operating Officer (COO), Chief of Partnerships (COP) and Chief Product Officer (CPO)

Invitee:

Company Secretary, Chief Audit Officer (CAO), Chief Financial Officer (CFO) and VP of

Product.

Quorum:

Minimum three members of the committee

Chairperson of the meeting:

Chief Risk Officer (CRO). In case, the Chief Risk Officer (CRO) who is the Chairman of the Information Security Committee is absent from the meeting, then the members of the Information Security Committee should nominate the Chairman for the meeting from the members who are present at the meeting.

Purpose:

The ISC is responsible for managing and overseeing information and cyber security within the organization. It ensures that security policies, standards, and procedures align with regulatory requirements and organizational risk appetite.

Responsibilities:

1. Overseeing the development and implementation ofcybersecurity policies, standards, and procedures to strengthen theorganization's security posture.
2. Monitoring and approving security projects and awarenessprograms to enhance cyber resilience.
3. Reviewing cyber incidents, security audits, and riskassessments to ensure appropriate mitigation actions.
4. Ensuring regulatory and statutory compliance ininformation security.
5. Regularly update the ITSC and CEOon security activities.

Authority:

1. The ISC operates under the oversight of the ITSC.
2. It has the authority to enforce security policies and oversee risk management initiatives.

Frequency of the meeting:

The Information Security Committee will meet at least Bi-Annually or as needed to accomplish its duties.

Agenda for the meeting:

Will be shared by the CISO before every meeting

Notice for the meeting:

Meeting notice should be shared a week before the meeting

Regulatory requirements:

The meeting should be recorded and MOM should be added to the board pack, for two meetings.

Reporting:

The ISC shall present or submit periodic reports to the Board offering a summary of its activities, issues, and related recommendations. In addition, committee members will disseminate meeting agendas, minutes and supporting documents to ensure that various stakeholders of AFPL are aware of the work and recommendations of the committee.

1. Purpose and Scope

This Fraud Risk Management Policy (“Policy”) aims at safeguarding the Company’s resources, business and customers from the unethical activities of fraudsters through effective fraud risk management, institute a robust internal audit and control framework and define measures to create awareness of fraud risk across the organization.

The Policy is applicable to all employees of Avanti Finance Private Limited (“Company”) at all levels of management. It is also applicable to personnel associated with the Company such as partners, contract employees, interns, consultants etc. This Policy shall be read in conjunction with the Risk Management policy and the Code of Conduct.

2. Objectives of Policy

i. Assign roles and responsibilities with respect to combating fraud.

ii. Define measures and controls for prevention, early detection, investigation, monitoring, recovery and timely reporting of incidents of fraud to RBI and Law Enforcement Agencies (LEA).

iii. Create awareness of fraud risk among employees, partners and others associated with the Company.

iv. Authorise the audit department to conduct surprise audits at all entities associated with the Company to enable the prevention or detection of fraud.

3. Definition of Fraud

Fraud may be defined as an act or omission that is intended to cause wrongful gain to one person and/or wrongful loss to the other, either by way of concealment of facts or otherwise. The Company also defines fraud as “deliberate abuse of procedures, systems, assets, products and/or services of the Company by those who intend to deceitfully or unlawfully benefit themselves or others”.

Internal fraud involves acts intended to defraud, misappropriate property or circumvent regulations, the law or Company's policy in the events which involve at least one person internal to the Company or temporary workers, third-party contractors, interns and consultants associated with the company

External fraud involves acts intended to defraud, misappropriate property or circumvent the law, by a third party and thereby causing or intending to cause losses to the Company. External fraud with regard to systems, assets, products, fraudulent financial reporting e.g. improper revenue recognition, overstatement of assets or understatement of liabilities, services to the detriment of the Company committed by borrowers, potential clients, third parties including vendor(s) or Partner(s).

4. Categorisation of Fraud for reporting

The Company shall use the categorization of RBI for classifying fraudulent activities::

(i) Fraudulent encashment through forged instruments;

(ii) Manipulation of books of accounts or through fictitious accounts, and conversion of property;

(iii) Cheating by concealment of facts with the intention to deceive any person and Misappropriation of funds and criminal breach of trust;

(iv) cheating by impersonation;

(v) Forgery with the intention to commit fraud by making any false documents/electronic records;

(vi) Wilful falsification, destruction, alteration, mutilation of any book, electronic record, paper, writing, valuable security or account with intent to defraud;

(vii) Fraudulent credit facilities extended for illegal gratification;

(viii) Cash shortages on account of frauds;

(ix) Fraudulent transactions involving foreign exchange;

(x) Fraudulent electronic banking / digital payment related transactions committed on NBFCs.

(xi) Any other type of fraud not coming under the specific heads as above.

5. Fraud Risk Management Life cycle:

5.1 Fraud prevention and standards:

Risk management will be responsible towards prevention, early detection, investigation, staff accountability, monitoring, recovering and reporting of frauds occurring across the Company.

The Company will undertake various measures for prevention of frauds including:

1. Management supervision for the compliance of risk governance and reporting;

2. Periodic training of employees and associated entities on fraud risk awareness for identifying potential fraud areas;

3. Strictly adhering to the due diligence for borrower accounts;

4. Introducing organization controls like:

a) Segregation of duties;

b) Maker checker principles;

c) Two factor authentication.;

5. Using standardized and transparent processes;

6. Periodic reconciliation of books and transactions;

7. Access control to data and IT systems;

8. Using historical experience as case studies for future;

9. Strict adherence to KYC norms while customer onboarding;

10. Regularly referring to the caution list(s) such as Cibil, Equifax, Highmark at the time of sanction of loans;

11. Partner monitoring and Internal audit work at periodic intervals.

5.2 Fraud detection Sources

Detection of frauds are done through:

(i) Early Warning Signals (“EWS”):An Early Warning System (EWS) for Fraud Risk Management is a proactive approach that helps detect, prevent, and mitigate potential fraudulent activities before they cause significant harm

The EWS system will have 3 major components

a) Data collection: Data is collected from various sources such as transactional data (Payments, Transfers, Refunds), user behaviour (Login patterns, Geolocation, IP) and External Data (Watchlists, Blacklists, Sanctioned Entities, Bureau) etc

b) User Profiling and Portfolio monitoring: Risk triggers such as EMI bounces, early defaults, customer non-contactability and other instances of deviations from normal patterns.

c) Triggers and Alerts: Platform triggers for unusual activities such as large or frequent transactions, multiple failed login attempts etc

(ii) Complaints from customers.

(iii) Internal audit and partner monitoring reports.

(iv) Whistle blower complaints

(v) Anonymous/pseudonymous complaints with verifiable facts.

5.3 Investigation of Fraudulent Activities

In case where there is a suspicion / indication of wrongdoing or fraudulent activity, the company shall use the internal audit team for further investigation in such accounts. In cases where the Company intends to appoint an external auditor for conducting the investigation approval will be sought from the Board.

5.4 Classification of frauds:

In the event of a fraudulent activity, the Company shall:

(i) issue a detailed Show Cause Notice (“SCN”) to the persons, entities and its promoters / whole-time and executive directors against whom allegation of fraud is being examined. The SCN shall provide complete details of transactions / actions / events basis which declaration and reporting of a fraud is being contemplated.

(ii) provide 21 days to the persons / entities on whom the SCN was served to respond to the said SCN.

(iii) examine the responses minutely and without any prejudice made by persons / entities prior to declaring such persons / entities as fraudulent.

(iv) issue well-reasoned order(s) (“Order”) regarding declaration / classification of the account as fraud or otherwise which shall contain relevant facts and/or circumstances relied upon by the Company.

5.5 Staff Accountability

The Company shall initiate and complete the examination of staff accountability in all fraud cases in a time-bound manner, the process for which is as set out in the Code of conduct.

5.6 Recovery of losses arising from fraud:

The Company shall explore avenues for recovery of losses on account of fraud, these could include:

(i) Ensuring enforcement of available security;

(ii) Filing of police complaints/FIRs wherever the frauds are established;

(iii) Filing civil suits against the fraudsters;

(iv) Recovery of amount from fraudster.

6. Special Committee for Monitoring and Follow-up cases of Fraud / Committee of the Executives:

As the Company is a middle-layer NBFC as per the regulation, a Committee of the Executives (CoE) will be formed with a minimum of three members, at least one of whom shall be a Whole-time director or equivalent rank Official for the purpose of performing the roles and responsibilities of Special Committee for Monitoring and Follow-up cases of Fraud.

The roles and responsibilities of CoE are as set out below:

(i) CoE shall oversee the effectiveness of the fraud risk management in the Company.

(ii) CoE shall review and monitor cases of frauds, including root cause analysis, and suggest mitigating measures for strengthening the internal controls, risk management framework and minimising the incidence of frauds.

7. Responsibilities of Senior Management

The Senior Management of the Company is responsible for implementation of this Policy. A periodic review of incidents of fraud is placed before Board of Company / audit committee, as appropriate, by the Senior Management of the Company.

8. Guidelines on submission of returns and reporting

Reporting of Frauds to Law Enforcement Agencies (LEAs):

The Company will:

(a) immediately report the incidents of fraud to appropriate LEAs, subject to applicable laws.

(b) establish suitable nodal point(s) / designate officer(s) for reporting incidents of fraud to LEAs and for proper coordination to meet the requirements of the LEA.

Reporting of Frauds to the Reserve Bank of India

I. The Company shall report incidents of fraud to RBI through Fraud Monitoring Returns (FMRs) using online portal under the heads as specified in Clause 4 above. For the purpose of reporting under FMR:

o The ‘date of occurrence’ is the date when the actual misappropriation of funds has started taking place, or the event occurred, as evidenced/reported in the audit or other findings.

o The ‘date of detection’ to be reported in FMR is the actual date when the fraud came to light in the concerned branch/audit/department.

o The ‘date of classification’ is the date when due approval from the Committee of Executives (CoE) has been obtained for such a classification, and the reasoned order is passed.

II. The Company shall furnish FMR in individual fraud cases, irrespective of the amount involved, immediately but not later than 14 days from the date of classification of an incident/account as fraud.

III. The Company report frauds perpetrated in its group entities to RBI separately through email, if such entities are not regulated/supervised by any financial sector regulatory/supervisory authority. However, in the case of overseas financial group entity of the Company, the Company shall also report incidents of fraud to RBI. The group entities will have to comply with the principles of natural justice before declaration of fraud.

IV. The Company shall adhere to the timeframe prescribed in the Master Directions for reporting of fraud cases to RBI.

V. The Company shall examine and fix staff accountability for delays in identification of fraud cases and in reporting to RBI.

VI. While reporting frauds, the Company shall not report names of persons / entities who / which are not involved / associated with the fraud in the FMR.

VII. The Company may, only under exceptional circumstances, withdraw FMR / remove name(s) of perpetrator(s) from FMR by providing a due justification to RBI and with the approval of a senior official (at least in the rank of a Director).

9. Closure of Fraud Cases Reported to RBI

The Company shall close fraud cases using ‘Closure Module’ of RBI’s CIMS portal where the actions as stated below are complete:

1. The fraud cases pending with LEAs / Court are disposed of; and

2. The examination of staff accountability has been completed.

The Company may, for limited statistical / reporting purposes, close those reported fraud cases involving amount upto ₹25 lakh, where examination of staff accountability and disciplinary action, if any, has been taken and:

1. The investigation is going on or charge-sheet has not been filed in the Court by LEA for more than three years from the date of registration of First Information Report (FIR); or

2. The charge-sheet is filed by the LEAs in trial court and the trial in the court has not commenced or is pending before the court for more than three years from the date of registration of FIR.

In all closure cases of reported frauds, the Company shall maintain details of such cases for examination by auditors.

10. Legal Audit of Title Documents in cases of Large Value Loan Accounts Fraud accounting

The Company shall conduct periodic legal audits of title deeds and other related title documents in respect of all credit facilities of ₹1 crore and above.

11. Reporting Cases of Theft, Burglary, Dacoity and Robbery

i. The Company shall report instances of theft, burglary, dacoity and robbery (including attempted cases), to Fraud Monitoring Group (FMG), Department of Supervision, Central Office, Reserve Bank of India, immediately (not later than seven days) from their occurrence.

ii. The Company shall also submit a quarterly Return (RBR) on theft, burglary, dacoity and robbery to RBI using online portal, covering all such cases during the quarter. This shall be submitted within 15 days from the end of the quarter to which it relates.

12. Regulatory Reference

Master Direction- Reserve Bank of India (Non-Banking Financial Company- Scale Based Regulation) Directions, 2023 along with Master Directions on Fraud Risk Management in Non-Banking Financial Companies (NBFCs) - 2024.

13. Policy Review and Updates

The implementation of this Policy shall be monitored and reviewed periodically by the Board of the Company.

This Policy comes into effect from date of Board Approval.

‍

1. Introduction

In the current economic scenario, it is imperative that appropriate measures are taken to prevent intentional/unintentional usage of channels by criminal elements for money laundering or terrorist financing activities. Avanti Finance Private Limited (hereinafter referred to as “Company”) will consistently work towards developing robust Know Your Customer (KYC) principles and Anti-Money Laundering (AML) standards to know/ understand its customers and their financial dealings and manage risks arising out of such financial dealings prudently. RBI vide its master circular has advised to put in place a Board approved AML/KYC policy framework, which shall document the underlying principles for customer acceptance, customer identification, transaction monitoring and risk management.

2. Objectives of the Policy

The policy aims to develop a diligent and compliance sensitive culture in the Company through a focused approach on customer acceptance and identification procedures.

The key objectives of the policy are as under:

(i) Prevent the Company from being used, intentionally or unintentionally, by criminal elements for money laundering or terrorist financing activities, through the various channels, products and services it offers;

(ii) Define a mechanism for risk categorisation of customers at the time of account opening and transaction monitoring measures commensurate with the risk categorisation of the customers;

(iii) Enable the Company to know / understand its customers and their financial dealings better and manage its risks in a prudent manner;

(iv) Allocate responsibility for effective implementation of policy and ensure adequate training on KYC procedures is provided to the concerned staff;

(v) Develop a comprehensive AML/ Combating Financing of Terrorism (CFT) programme in line with the regulatory requirements covering systems and controls, training of staff and management oversight and ensure its effective implementation.

3. Applicability

This policy shall be applicable to all verticals / products of the Company whether existing or rolled out in future. It may be noted that KYC – AML policy as stated in this document shall prevail over anything else contained in any other document / process / circular / letter / instruction in this regard (KYC-AML). This policy shall be applicable to all verticals/products of the Company whether existing or rolled out in future.

4. Governance Structure

The Company shall have a robust governance structure to monitor compliance with KYC / AML / CFT guidelines across all functions / business units of the Company. The Risk Management Committee of the Company will, inter alia, oversee the implementation of the AML/ KYC framework. There shall be a designated director who shall be different from the Principal Officer.

The Company has a senior management officer to be designated as the Principal Officer who will facilitate and monitor compliance with regulatory guidelines with respect to customer acceptance, customer identification, and transaction monitoring and risk management. The Principal Officer will ensure that the cash and suspicious transactions reporting are done in a timely manner and accurately to the regulator. He will also ensure appropriate dissemination of regulatory updates, pertaining to KYC/ AML/ CFT and guide these business units on compliance. For the purposes of this Policy, the Senior Management in the Company shall consist of: (a) the Chief Operating Officer; and (b) the Chief Risk Officer who will be responsible for effective implementation of this Policy and the procedures laid in the Policy.

At branch level/ Centers / Mandi, the responsibility for ensuring compliance with KYC norms will rest with the Service Representative or staff of the Company.

5. Key Elements of the Policy

In line with the RBI guidelines, the KYC policy shall comprise of the following components:

5.1 Customer acceptance

5.2 Customer identifications

5.3 Transaction monitoring

5.4 Risk management.

5.1 Customer Acceptance

The Company’s Customer Acceptance Policy (CAP) lays down the criteria for acceptance of customers.

A customer is any person who enters into any financial dealing or activity with the Company and includes a person on whose behalf the person who is engaged in the transaction or activity is acting.

The customers may approach the Company to avail of the products and services offered through branches, Consultants / agents or through digital channels such as mobile application and website. All these channels:

(i) Will accept customers only after verifying their identity;

(ii) Prohibit the opening of anonymous or fictitious/ benami accounts;

(iii) Ensure necessary checks before opening a new account so that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations, etc.;

(iv) While opening the Company accounts for these customers, specifically in rural areas, the Company will use multiple sources such as e-KYC service of UIDAI, mobile application and tab to capture the KYC details of the customer along with the required KYC documents;

(v) Not to allow existing customers to continue or accept new customers if they are on the  sanctions list as set out by RBI or any other lists prescribed by the relevant regulators;

(vi) Will check the risk perception of the customers based on the parameters defined by the Risk Management Committee from time to time. Parameters of risk perception will be clearly defined in terms of the location of customer and his clients and mode of payments, volume of turnover, social and financial status, etc. to enable categorization of customers into low, medium and high risk;

(vii) Will adhere to the documentation requirements and other information which is to be collected in respect of different categories of customers depending on perceived risk and keeping in mind the requirements of Prevention of Money Laundering Act 2002 as amended by PMLA 2009 and subsequent amendments, (hereinafter referred to as PMLA), rules framed there under, and guidelines issued from by regulators;

(viii) Will not to open an account or close an existing account where the Company is unable to apply appropriate customer due diligence measures, i.e. the Company is unable to verify the identity and / or obtain documents required as per the risk categorisation due to non- cooperation of the customer or unreliability of the data/information furnished;

(ix) Will ensure that the circumstances in which a customer is permitted to act on behalf of another person/entity is in conformity with the established law and practices, and the customer should be able to explain satisfactorily the reason / occasion why an account needs to be operated by a mandate holder or where an account may be opened by an intermediary in a fiduciary capacity;

(x) All the Customers would be classified under appropriate risk weights;

(xi) Open accounts for PEPs after clearance from Principal Officer and monitor operations in such accounts on an on-going basis. PEPs are individuals who are or have been entrusted with prominent public functions by a foreign country, including the Heads of States/Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials.   They would be subjected to enhanced Customer Due Diligence (CDD) and such accounts would be permitted at least at a level higher than what is otherwise permitted to approve the account. Close relatives of PEP also would be treated at par with PEP;

(xii) All customer accounts deemed to be high risk to be opened with the specific approval of Principal Officer;

(xiii) Shall have in place suitable built-in safeguards to avoid harassment of the customer.

(xiv) if an existing customer with valid KYC, desires to open another account or avail any other product or service from the Company, there shall be no need for a fresh CDD exercise as far as identification of the customer is concerned.

The Company will develop appropriate systems for adoption of E-KYC procedure facilitated by the Unique Identification Authority of India (“UIDAI”). The customer details would be obtained as under:

(a) Release of information by UIDAI on customer consent through biometric verification;

(b) Printing e-Aadhaar letter based on the Aadhaar number provided by the customer.

Under the e-KYC procedure, the information containing demographic details and photographs made available from UIDAI will be treated as OVD. The data of the individual comprising of name, age, gender, and photograph of the individual will be transferred electronically to the branches, Service representatives appointed by the Company post biometric authentication by the individual. The Company will then print the e-Aadhaar letter of the prospective customer directly from the UIDAI portal for KYC validation and documentation. If the prospective customer knows only his/her Aadhaar number, the Company may print the prospective customer’s e-Aadhaar letter in the Company directly from the UIDAI portal; or adopt e-KYC procedure as aforementioned.

5.2 Risk Category and Customer Profile

The Company shall prepare a profile for each new customer based on risk categorization as mentioned in this policy. Company shall periodically review risk categorization of customers and the need for applying due diligence measures.

The Company will ensure adequate care for preparation of customer profile so as to seek only relevant information which is relevant to the customers risk category. In case the Company requires any other details, it should be sought separately only with the customer's consent. The Company understands that the details obtained from the customer are confidential and will ensure adequate care and security for the safekeeping of the data and shall not divulge the data for cross-selling or any other purpose.

Risk Category

Company will classify its customers based on the following principles and in accordance with the below mentioned risk categories (as may further be modified / supplemented by RBI from time to time), i.e., Low Risk; and Medium Risk / High Risk.

It is important to bear in mind that the adoption of the below categorization and its implementation should be viewed as guidance so that they do not become too restrictive and result in denial of Company’s services to general public, especially to those, who are financially or socially disadvantaged.

Low Risk:

For the purpose of risk categorization, individuals (other than High Net Worth individuals) and entities whose identities can be easily identified, may be categorized as low risk. Illustrative examples of low risk customers could be:

(A) salaried employees whose salary structures are well defined;

(B) persons belonging to lower economic strata of the society whose accounts show nil or small balances / low turnover; and

(C) Government departments & Government owned companies, regulators and statutory bodies, etc.

In such cases, Company will obtain and verify only the basic set of documents as prescribed under law for the purpose of KYC.

Medium / High Risk:

Customers that are likely to pose a higher than average risk to the Company may be categorized as medium or high risk depending on customer's background, nature and location of activity, country of origin, sources of funds and his client profile, etc.

Company requires extensive due diligence for higher risk customers, especially those for whom the sources of funds are not clear.

Illustration of customers requiring higher due diligence may include:

(A) high net worth individuals;

(B) politically exposed persons (PEPs) of foreign origin;

(C) non-resident customers;

(D) Customers onboarded in non face-to-face mode through use of digital channels such as CKYCR, DigiLocker, offline Aadhaar, equivalent e-document etc

(E) trusts, charities, non-governmental organizations and entities receiving donations (whether domestic or from international sources);

(F) companies having close family shareholding or beneficial ownership; and

(G) those with dubious reputation as per public information available.

In addition, parameters of risk perception shall include:

5.3 Customer Identification Procedure

Company shall ensure adherence of Customer Identification Procedure as prescribed by the Reserve Bank of India from time to time. The Company would obtain the KYC documents whenever there is doubt about the authenticity/veracity or the adequacy of the previously obtained Customer identification data. If Aadhaar card is taken as KYC, Company would satisfy itself about current address by obtaining required proof. The Company also have the process of allotting Unique Customer Identification Code (UCIC) for easy identification of all the relationships of any Customer with the Company.

Information collected for the purpose of opening of account would be kept as confidential and would not be divulged to outsiders for cross selling or any other purpose other than for the statutory requirement of sharing the Customer account details with at least one credit information agency approved by RBI. Information sought from the Customer would be relevant to the perceived risk and would not be intrusive. The Beneficial Owner in the case of trust, partnership and Joint stock companies would be reckoned in pursuance of this policy.

5.4 Transaction Monitoring

Company would continue to maintain proper record of all cash transactions as may be prescribed under applicable law. The Company shall obtain copy of PAN of all the Customers for cash transaction of Rs 50,000 or more entered into with them. In case a Customer does not have a PAN, Form 60, duly signed by the Customer along with a valid identity proof and signature proof, should be accepted.

Company would strive to have an understanding of the normal and reasonable activity of the Customer through personal visits and by observing the transactions and conduct of the account in order to identify transactions that fall outside the regular pattern of activity – unusual transactions.

For the simplicity of data capture, the following transactions would be considered as unusual transactions deserving special attention (in addition to those listed in Annexure 3):

(i) Repeated pre termination of loan accounts of size exceeding Rs.10 lacs;

(ii) Same Customer appearing in the Cash Transaction Report (CTR) more than 3 times during a span of 6 months;

(iii) Total cash received from a customer exceeding Rs 50 lacs in a financial year or Rs 25 lacs in a month.

Such accounts would be treated as Medium/High Risk Customers after review of the unusual transactions by the Principal Officer – PMLA.

Being an NBFC, Company is not empowered to seize any counterfeit currency like in the case of banks. However, the following incidents of counterfeit currency at the cash counters would be recorded and repeated occurrence would be reported:

(i) Bulk counterfeit currency of more than 10 pieces at a time;

(ii) Repeated event within a week from a collection executive or Customer.

All such transactions would be reported to and reviewed by Principal Officer – PMLA who would enquire into the matter and decide whether the transaction would qualify to be termed as a suspicious transaction. When it is believed that we no longer are satisfied that we know the true identity of the account holder, STR would be filed with FIU-IND. The Principal Officer - PMLA would file the Suspicious Transaction Report (STR) with the Director, Financial Intelligence Unit-India (FIU-IND) within 7 days of identifying them. After filing STR, transactions would be allowed to be continued in the account unhindered and the Customer would not be tipped in any manner.

All CTR/STR would be filed electronically or as per the norms stipulated by FIU-IND from time to time. The STR would be filed even for attempted transactions.

List of individuals and entities, approved by UN Security Council Committee and circulated by RBI would be updated and the list would be available at every office entrusted with the responsibility of customer acceptance and would be verified before opening an account. Financial Action Task Force (FATF) statements regarding countries with deficient AML/CFT would be verified and caution would be exercised with Customers who conduct business activities in these countries.

5.5 Risk Management

The Company shall develop appropriate procedures for customer acceptance, identification and monitoring. The Company will constantly strive to strengthen its KYC framework in order to mitigate following key risks which may arise due to inadequate KYC standards:

(a) Money laundering risks and risks of financing of terrorist activities

(b) Compliance risk

(c) Reputation risk

(d) Fraud risk

(e) Legal risk

The Board of the Company shall develop an effective AML / CFT programme through establishment of appropriate procedures and allocate responsibility to senior management for effective implementation of the policy and will cover aspects such as systems and controls, management oversight, segregation of duties, training staff and other related matters. A risk based approach will be adopted to address management and mitigation of various AML / CFT risks.

The Risk and Compliance Department of the Company will conduct independent evaluation to assess the effectiveness of implementation of policies and procedures, including legal and regulatory requirements. The Risk and Compliance Department will report the findings in such audits before the Audit Committee of the Board at quarterly intervals.

Internal Auditors will check and verify the application of KYC/AML procedures at the branches and for accounts routed through Consultants/ Agents and comment on the lapses observed in this regard. The compliance in this regard shall be put up before the Audit Committee of the Board on quarterly intervals.

5.6 Customer Education

Implementation of KYC procedures require the Company to demand certain information from customers which may be of personal nature, or which have hitherto never been called for. This can sometimes lead to questioning by the customer as to the motive and purpose of collecting such information. There is, therefore, a need for the Company to prepare specific literature / pamphlets / notices, etc. so as to educate the customer about the objective of the KYC programme. The front desk staff will be specially trained to handle such situations while dealing with customers.

5.7 Introduction of New Technologies

The Company shall pay special attention to any money laundering threats that shall arise from new or developing technologies including internet transactions that might favour anonymity, and take measures, if need, to prevent their use in money laundering schemes. Many Companies are engaged in the business of issuing a variety of Electronic Cards that are used by customers for buying goods and services, drawing cash from ATMs, and can be used for electronic transfer of funds. Further, marketing of these cards is generally done through the services of agents. The Company shall ensure that appropriate KYC procedures are duly applied before issuing the cards to the customers, if any, in future; agents shall also be subjected to KYC measures.

6. Periodical Review of Customer Identification Data

(i) Periodic updation means steps taken to ensure that documents, data or information collected under the customer due diligence process is kept up-to-date and relevant by undertaking reviews of existing records at periodicity prescribed by the RBI. Updation/periodic updation of the KYC can be undertaken at any Branch of the Company or through Company mobile/web application.

(ii) The Company will conduct revalidation of KYC, which will include confirming identity and address of the customer, assessment of risk profile of the customer based on the last updated KYC and seeking additional data, including the source of funds / wealth, if required, from the customer. Timeframe for such revalidation would be as under and would apply from the date of account opening/ last verification date of KYC.

‍

‍

Subject to KYC guidelines (as notified by RBI from time to time):

(i) Fresh proofs of identity and address shall not be sought at the time of periodic updation, from customers who are categorised as ‘low risk’, when there is no change in status with respect to their identities and addresses and a self-certification to that effect is obtained;

(ii) For ‘low risk’ customers, certified copy of address proof will be obtained (through mail / post) only if there is a change in the address of the customer. Physical presence of the customer at the branch will not be insisted upon;

(iii) In case it is observed that the address mentioned as per ‘proof of address’ has undergone a change, Company shall ensure that fresh proof of address is verified within a period of two months;

(iv) Company may, at its option, obtain a copy of OVD or deemed OVD, as prescribed by RBI, or the equivalent e-documents thereof, for the purpose of proof of address, declared by the customer at the time of updation/periodic updation;

(v) In case the customer does not comply with KYC requirements, the Company will either terminate the existing relationship or carry out necessary actions to partially freeze the business relationship in accordance with the provisions of the RBI’s Guidelines on “Know Your Customer” and Anti-Money Laundering Measures, as amended from time to time.

7. Record Keeping

Section 12 of PMLA, 2002 requires that the Company should fulfil certain obligations with respect to maintenance and preservation of records.

7.1 Maintenance of Records

The Company will put in place appropriate infrastructure and systems to maintain, preserve and report customer information as per applicable law and guidelines provided by RBI or any other relevant regulator from time to time. proper record of the following transactions:

(i) All cash transactions of the value of more than Rupees Ten Lakh;

(ii) Series of all cash transactions individually valued below rupees ten lakh, that have taken place within a month and the monthly aggregate which exceeds rupees ten lakhs;

(iii) All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine; and

(iv) All suspicious transactions as mentioned in the Rules.

The Company will ensure that following key details of transaction are recorded:

(i) Nature of transaction

(ii) Amount of transaction

(iii) Date on which the transaction was conducted

(iv) Details of parties to the transaction.

7.2 Preservation of Records

The Company shall endeavour to furnish all the information sought by regulatory/ statutory authorities in a time bound manner. Hence, systems will be developed to ensure easy and quick data retrieval.

(i) The Company will maintain for at least 10 years from the date of transaction between the Company and the client, all necessary records of transactions, which will permit reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of persons involved in criminal activity.

(ii) Records pertaining to the identification of the customers and their address (e.g. copies of documents like passports, identity cards, driving licenses, PAN card, utility bills, etc.) obtained while opening the account and during the course of business relationship, will be properly preserved for at least 10 years after the business relationship is ended and such records and transaction will be provided to competent authorities upon request.

(iii) Records of the identity of clients and records in respect of transactions will be maintained in both hard as well as soft format.

(iv) The Company will deal with all complex, unusual large transactions and all unusual patterns of transactions, which have no apparent economic or visible lawful purpose, with utmost due diligence and scrutiny, through branches and AML/KYC team at Head Office. Findings with respect to the aforesaid transactions will be recorded and related documents will be preserved as prescribed under applicable laws and made available to auditors to scrutinize these transactions.

7.3 Obligation of Secrecy

The Company has an obligation to maintain secrecy of the details of the account holder, not only when the account holder has a relationship with the Company, but also after the account is closed. This right of the customer to expect secrecy is limited in the following situations:

(i) Under provisions of various acts (Income Tax / Companies Act / RBI Act / FEMA Act etc.)

(ii) Based on customer’s consent

(iii) Disclosure with Consultants / Business Facilitator

(iv) Disclosure in Company’s interest

8. Combating Financing of Terrorism

1. The Company shall ensure to update the consolidated list of individuals and entities approved by Security Council Committee established pursuant to various United Nations' Security Council Resolutions (UNSCRs) circulated by the Reserve Bank.
2. The ‘ISIL (Da’esh) & Al-Qaida Sanctions List’ and ‘1988 Sanctions List’ shall be taken into account for the purpose of implementation of Section 51A of the Unlawful Activities (Prevention) Act, 1967. The Company shall update the lists of individuals/ entities as circulated by Reserve Bank and before opening any new account shall ensure that the name/s of the proposed customer does not appear in either list.
3. The Company shall further scan all existing accounts to ensure that no account is held by or linked to any of the entities or individuals included in the two lists. Full details of accounts bearing resemblance with any of the individuals/ entities in the list shall immediately be intimated to the Reserve Bank and FIU-IND.

9. Reporting Requirements

9.1. Reporting within the Company

The cash transactions of Rs. 10 lakhs and above, the Branches will report all the individual cash deposits or withdrawals to AML/Compliance officer at Head Office and also in respect of suspicious transactions, the branches will report to the AML/Compliance officer at Head Office. The designated officer at the Head – Office shall report to the law enforcement authorities.

9.2. Reporting to Financial Intelligence Unit-India (FIU-IND)

In line with the PMLA rules, the Company shall report information relating to suspicious transactions and to the Director, Financial Intelligence Unit-India (FIU-IND) in respect of transactions referred to in rule 3 at the following address:

Director, FIU-IND, Financial Intelligence Unit - India,

6th Floor, Hotel Samrat, Chanakyapuri, New Delhi-110021.

10. Training and awareness

1. The Company shall develop appropriate training literature and display the same at branches and on the website in order to educate the customer about the objectives of KYC/ AML/ CFT programme.
2. The Company shall have an ongoing employee training programme so that the members of staff are adequately trained in AML/CFT policy.
3. The Company shall also deploy appropriate screening mechanisms while hiring new employees.
4. The Company shall ensure implementation and adherence to the Policy via independent evaluation/Concurrent/internal audit system and timely reporting to the Audit Committee.
5. system and timely reporting to the Audit Committee.

This policy comes into effect immediately on approval by the Board of Directors of the Company and shall remain in force till further review by the Board.

11. CDD Procedure and sharing KYC information with Central KYC Records Registry (CKYCR)

In terms of provision of Rule 9(1A) of the PML Rules, the Company shall capture customer’s KYC records and upload onto CKYCR within 10 days of commencement of an account-based relationship with the customer.

Once KYC Identifier is generated by CKYCR, the Company shall ensure that the same is communicated to the customer as the case may be.

On receipt of additional or updated information from any customer, the Company shall within seven days or within such period as may be notified by the Central Government, furnish the updated information to CKYCR.

For the purpose of establishing an account-based relationship, updation/ periodic updation or for verification of identity of a customer, the Company shall seek the KYC Identifier from the customer or retrieve the KYC Identifier, if available, from the CKYCR and proceed to obtain KYC records online by using such KYC Identifier and shall not require a customer to submit the same KYC records or information or any other additional identification documents or details, unless– (i) there is a change in the information of the customer as existing in the records of CKYCR; or (ii) the KYC record or information retrieved is incomplete or is not as per the current applicable KYC norms; or (iii) the validity period of downloaded documents has lapsed; or (iv) the Company considers it necessary in order to verify the identity or address (including current address) of the customer, or to perform enhanced due diligence or to build an appropriate risk profile of the customer.

12. Procedure for change in mobile number of the customer

On receipt of a request from the Customer for change in mobile number existing in the Company’s records, the following procedure shall be undertaken:

i. OTP verification of the updation through the existing mobile number or e-signed application from the Customer requesting for a change

ii.  OTP verification of the new mobile number

iii. Communication to be sent to the Customer on the old and new mobile numbers

13. Digital KYC Process/Approach

The Company had adopted enhanced KYC process that involves:

(i) its proprietary digital application for undertaking KYC in a secure environment;

(ii) a network of pre-authorized on-ground partners whose whitelisted employees (field officers) have a secured access to the Company’s digital application; and

(iii) such partners / field officers (acting in accordance with the Company’s instructions) not only assisting for the purpose of KYC but also acting as customer touch-points to inform and educate the customers in relation to the credit facilities and aid in financial literacy.

While the Company’s KYC process is in line with the minimum requirements for Digital KYC as set out in Annex I of RBI’s Master Direction - Know Your Customer (KYC) Direction, 2016 (DBR.AML.BC.No.81/14.01.001/2015-16) (“KYC Directions”), the Company has made a few improvements and modifications to go beyond these minimum requirements so as to make the customer onboarding process more robust and simplified. It is also pertinent to note that while the emphasis is on digital means, the KYC process involves the presence of on-ground authorized officer of the Company who have been authorized to receive copies of customer documents, compare them with the original copy and accept after due verification. This is also verified by the Company either (i) through API integration with the base data (for example with NSDL for PAN verification) and / or (ii) through physical verification by the the Company’s backend team.

The KYC process flow adopted by the Company is mentioned under Annexure 4.

14. Policy Review and Updates

The Risk Department shall be responsible to own, maintain and update this policy. If any change in this policy is subsequently found necessary, consequent upon any change in regulatory guidelines, market conditions, etc., such changes and approvals shall be deemed to be part of the policy until the policy and framework are comprehensively reviewed.

15. Regulatory References

This policy is framed according to the following regulatory references:

(i) RBI Master Direction – Know Your Customer (KYC) Direction dated February 25, 2016, as updated from time to time.

(ii) Prevention of Money Laundering Act (PMLA), 2002.

(iii) PML Rules, 2005.

16. Annexures

Annexure 1: Key Definitions

1. Customer: For the purpose of KYC Norms, a ‘Customer’ is defined as a person who is engaged in a financial transaction or activity with a reporting entity and includes a person on whose behalf the person who is engaged in the transaction or activity, is acting.

A customer can also be one of the following persons:

(i) A person or entity that maintains or is desirous of maintaining an account and/or has a business relationship with Company

(ii) One on whose behalf an account is maintained (i.e. the beneficial owner)

(iii) Beneficiaries of transactions conducted by professional intermediaries, such as chartered accountants, solicitors, etc. as permitted under the law, and

(iv) Any person or entity connected with a financial transaction which can pose significant reputational or other risks to Company, say, a wire transfer or issue of a high value demand draft as a single transaction.

2. Beneficial Owner:

(a) Where the customer is a company, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have a controlling ownership interest or who exercise control through other means.

Explanation- For the purpose of this sub-clause-

“Controlling ownership interest” means ownership of/entitlement to more than 10 per cent of the shares or capital or profits of the company.

“Control” shall include the right to appoint majority of the directors or to control the management or policy decisions including by virtue of their shareholding or management rights or shareholders agreements or voting agreements.

(b) Where the customer is a partnership firm, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have ownership of/entitlement to more than 15 per cent of capital or profits of the partnership.

(c) Where the customer is an unincorporated association or body of individuals, the beneficial owner is the natural person(s), who, whether acting alone or together, or through one or more juridical person, has/have ownership of/entitlement to more than 15 per cent of the property or capital or profits of the unincorporated association or body of individuals.

(d) Where the customer is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with 10% or more interest in the trust and any other natural person exercising ultimate effective control over the trust through a chain of control or ownership.

3. Designated Director: “Designated Director" means a person designated by the reporting entity (bank, financial institution, etc.) to ensure overall compliance with the obligations imposed under chapter IV of the PML Act and the Rules and includes the Managing Director or a whole-time Director duly authorized by the Board of Directors

4. Person: In terms of Prevention of Money Laundering Act, 2002 ‘a person’ includes-

(a) an individual

(b) a Hindu undivided family

(c) a company

(d) a firm

(e) an association of persons or a body of individuals, whether incorporated or not

(f) every artificial juridical person, not falling within any one of the above persons

(g) any agency, office or branch owned or controlled by any of the above persons

5. Transaction: Transaction means a purchase, sale, loan, pledge, gift, transfer, delivery or the arrangement thereof and includes-

(a) opening of an account for the purpose of availing a loan/having a financial arrangement;

(b) Deposits, withdrawal, exchange or transfer of funds in whatever currency, whether in cash or by cheque, payment order or other instruments or by electronic or other non-physical means;

(c) entering into any fiduciary relationship;

(d) any payment made or received in whole or in part of any contractual or other legal obligation; or

(e) establishing or creating a legal person or legal arrangement.

6. Money Laundering: A process whereby proceeds of criminal activities such as drugs trafficking, smuggling and terrorism are converted into legitimate money through a series of financial transactions making it impossible to trace back the origin of funds.

7. “Suspicious transaction” means a “transaction” as defined below, including an attempted transaction, whether or not made in cash, which, to a person acting in good faith:

(a) gives rise to a reasonable ground of suspicion that it may involve proceeds of an offence specified in the Schedule to the Act, regardless of the value involved; or

(b) appears to be made in circumstances of unusual or unjustified complexity; or

(c) appears to not have economic rationale or bona-fide purpose; or

(d) gives rise to a reasonable ground of suspicion that it may involve financing of the activities relating to terrorism.

Annexure 2 - Documents to be obtained from entities

The details of documents to be obtained from various entities are as under:

‍

Annexure 3: An Indicative List of Suspicious Activities

(i) Transactions Involving Large Amounts of Cash

Company transactions that are denominated by unusually large amounts of cash, rather than normally associated with the normal commercial operations of the Company, e.g. cheques.

(ii) Transactions that do not make Economic Sense

Transactions in which assets are withdrawn immediately after being deposited unless the business activities of the customer's furnish a plausible reason for immediate withdrawal.

(iii) Activities not consistent with the Customer's Business

Accounts with large volume of credits whereas the nature of business does not justify such credits.

(iv) Attempts to avoid Reporting/Record-keeping Requirements

(a) A customer who is reluctant to provide information needed for a mandatory report, to have the report filed or to proceed with a transaction after being informed that the report must be filed.

(b) Any individual or group that coerces/induces or attempts to coerce/induce a NBFC employee not to file any reports or any other forms.

(c) An account where there are several cash transactions below a specified threshold level to a avoid filing of reports that may be necessary in case of transactions above the threshold level, as the customer intentionally splits the transaction into smaller amounts for the purpose of avoiding the threshold limit.

(v) Unusual Activities

Funds coming from the countries/centers which are known for money laundering.

(vi) Customer who provides Insufficient or Suspicious Information

(a) A customer/Company who is reluctant to provide complete information regarding the purpose of the business, prior business relationships, officers or directors, or its locations.

(b) A customer/Company who is reluctant to reveal details about its activities or to provide financial statements.

(c) A customer who has no record of past or present employment but makes frequent large transactions.

(vii) Certain NBFC Employees arousing Suspicion

(a) An employee whose lavish lifestyle cannot be supported by his or her salary

(b) Negligence of employees / wilful blindness is reported repeatedly. 

Annexure 4: Digital KYC note

1. Purpose and Applicability

Avanti Finance Private Limited (“Company”) is committed in maintaining the highest standards of integrity, transparency, and compliance with applicable securities laws. This Policy is designed to prevent unlawful trading of the Company’s securities based on material, non-public information and to protect the reputation of the Company and its employees.

Regulation 8 read with Schedule A of Securities and Exchange Board of India (Prohibition of Insider Trading) Regulations, 2015 as amended from time to time (“Regulations”) mandates formulation of a Code of Practices and Procedures for Fair Disclosure of Unpublished Price Sensitive Information (“Code”).

This Code shall apply in relation to disclosure of Unpublished Price Sensitive Information (“UPSI”) by the Company. The scope, exceptions as given in the Regulations shall be applicable for the purpose of this Code as well.

The words and expressions used but not defined herein shall have the meanings as ascribed to them under the Regulations.

2. Objective

This Code has the following objectives:

a)  Practices and procedures to follow in relation to dissemination and  disclosure of UPSI; and

b) Sharing of UPSI for legitimate purposes

3. Chief Investor Relations Officer

The Company shall designate a senior officer as a Chief Investor Relations Officer (“CIRO”) for dealing with dissemination of information and disclosure of UPSI in a fair and unbiased manner.

For the said purpose, the Chief Compliance Officer of the Company will be the CIRO for the purpose of this Code.

The CIRO would be responsible to ensure timely, adequate, uniform and universal dissemination and disclosure of UPSI pursuant to this Code as required under the Regulations so as to avoid selective disclosure.

4. Principles of Fair Disclosure

The following principles of fair disclosure for the purpose of the Code will be strictly adhered to –

a) Prompt public disclosure of UPSI that would impact price discovery no sooner than credible and concrete information comes into being, in order to make such information generally available.

b) Uniform and universal dissemination of UPSI information to avoid selective disclosure.

c) Designation of a senior officer as the Chief Investor Relations Officer to deal with dissemination of information and disclosure of UPSI.

d) Prompt dissemination of UPSI that gets disclosed selectively, inadvertently or otherwise to make such information generally available.

e) Appropriate and fair response to queries on news reports and requests for verification of market rumours by regulatory authorities.

f) Ensuring that information shared with analysts and research personnel is not UPSI.

g) Develop best practices to make transcripts or records of proceedings of meetings with analysts and other investor relations conferences on the official website to ensure official confirmation and documentation of disclosures made.

h) Handling of all UPSI on a need-to-know basis.

5. Legitimate Purpose

UPSI can be shared as an exception for legitimate purpose as per Policy for Determination of Legitimate Purpose as given in Annexure A.

6. Amendment

This Code shall be reviewed on an annual basis. Any amendments would be subject to the review and approval of the Audit Committee and the Board of Directors of the Company.

In the event that any provision of this Code conflicts with any law, rule or regulation that is in force for the time being, the said law, rule or regulation that is in force for the time being shall take precedence over the conflicting provision of the Code.

For transparent disclosure of this Code, every amendment thereto shall be promptly intimated to the stock exchanges where the securities of the Company are listed.

POLICY FOR DETERMINATION OF LEGITIMATE PURPOSE

1.  Background

Regulation 3(2A) of SEBI (Prohibition of Insider Trading) Regulations, 2015 requires determination and stipulation of legitimate purposes for sharing UPSI in the Code of Practices and Procedures for Fair Disclosure of Unpublished Price Sensitive Information.

The Company endeavours to preserve the confidentiality of unpublished price sensitive information (“UPSI”) and to prevent its misuse. To achieve this objective, and in compliance with the aforesaid Regulations, the Company has framed “Policy for Determination of Legitimate Purpose” (“Policy”) as a part of its Code of Fair Disclosure.

The words and expressions used but not defined herein shall have the meanings as ascribed to them under the Regulations.

2. Objective

The objective of this Policy is to identify ‘Legitimate Purposes’ for performance of duties or discharge of legal obligations, which will be considered as exception for procuring/communicating/providing/ allowing access to UPSI relating to the Company. Whether sharing of UPSI for a particular instance would be tantamount to ‘legitimate purpose’ would depend on the specific facts and circumstances of each case.

3. Legitimate Purpose

“Legitimate Purpose” shall include sharing of UPSI in the ordinary course of business by an insider with the following on a need-to-know basis:

a) promoters/founders and shareholders*

b) auditors (statutory, internal, secretarial, GST and any other Auditor, as applicable),

c) staff members of the Audit firm/team conducting the audit,

d) partners and collaborators,

e) lenders (both existing and prospective),

f) prospective investors,

g) customers,

h) vendors and suppliers,

i) bankers (including merchant bankers),

j) SEBI registered intermediaries, RBI registered NBFCs, Financial Institutions and Regulators,

k) legal advisors and professionals rendering services,

l) consultants and service providers,

m) credit rating agencies,

n) insolvency professionals

o) any other person with whom UPSI is shared,

(*) – Sharing of UPSI with the promoters/founders and shareholders will also be subject to the provisions of the shareholders’ agreement, as amended from time to time.

provided that such sharing would not amount to evasion or circumvention of the prohibitions under the Regulations.

The agreements entered into involve sharing of UPSI should have a “confidentiality clause” or else a separate non‐disclosure agreement shall be executed with parties to safeguard the disclosure of UPSI.

Any person in receipt of Unpublished Price Sensitive Information pursuant to a “legitimate purpose” shall be considered an insider for purposes of this Code/Policy and due notice shall be given to such persons to maintain confidentiality of such UPSI. Once it is determined that an employee/director is sharing Unpublished Price Sensitive Information in furtherance of legitimate purposes, such employee/director shall ensure that he/she complies with all applicable provisions of the Code of Conduct for Prohibition of Insider Trading pertaining to sharing/disclosure of Unpublished Price Sensitive Information.

4. Structured Digital Database

In compliance with Regulation 3(5) and 3(6) of SEBI (Prohibition of Insider Trading) Regulations, 2015, the Company would maintain Structured Digital Database (SDD) containing the nature of UPSI and the names of such persons who have shared the information and also the names of such persons with whom information is shared under this Regulation along with the Permanent Account Number (PAN) or any other identifier authorized by law where PAN is not available in the following manner –

a) Sharing of UPSI, whether internally or externally, will be recorded in the SDD.

b) The SDD will not be outsourced and will be maintained with adequate internal controls and checks such as time stamping and audit trails to ensure non-tampering of the database.

c) Such SDD should be maintained for not less than 8 years after completion of the relevant transactions.

d) In the event of receipt of any information from SEBI regarding any investigation or enforcement proceedings, the relevant information in the SDD shall be preserved till the completion of such proceedings.

e) Name of persons who have shared the information (UPSI) and with whom information (UPSI) is shared shall be captured digitally in database along with PAN or any other identifier.

5. Amendment

This Policy shall be reviewed on an annual basis. Any amendments would be subject to the review and approval of the Audit Committee and the Board of Directors of the Company.

In any circumstance where the terms of this Policy differs from any law, rule, regulation etc., for the time being in force, the law, rule, regulation etc., shall take precedence over this Policy.

This Policy and any subsequent amendment(s) thereto, shall be promptly intimated to the stock exchanges.

‍

1. Background and Purpose

Reserve Bank of India (RBI) vide its notification No. RBI/2021-22/25 Ref.No.DoS.CO. ARG/SEC.01/08.91.001/2021-22 dated 27th April 2021 had issued Guidelines for Appointment of Statutory Central Auditors (SCAs) / Statutory Auditors (SAs) of Commercial Banks (excluding RRBs), UCBs and NBFCs (including HFCs) (“RBI Guidelines”). This Policy on Appointment of Statutory Auditors (“the Policy”) has been framed keeping in view the aforesaid RBI Guidelines as amended from time to time and applicable provisions of Companies Act, 2013 and the rules made thereunder.

In case of any inconsistency between the RBI Guidelines and this Policy, the guidelines issued by RBI from time to time shall prevail and that the Company shall ensure compliance with all the provisions of RBI Guidelines as prescribed in this regard from time to time.

2. Applicability

The Policy applies to appointment/re-appointment of SAs of the Company.

3. Eligibility Criteria of Statutory Auditors

3.1 In accordance with the RBI Guidelines, the audit firm(s) shall fulfil the following minimum criteria for being eligible to be considered for appointment as SAs of the Company:

a) There should be Minimum 3 (three) full-time partners (FTPs) associated with the firm for a period of at least three years.

b) Out of total FTPs, there should be Minimum 2 (two) fellow chartered accountant (FCA) partners associated with the firm for a period of at least three years.

c) There should be Minimum 1 (one) full-time partners/ paid Chartered Accountants (CAs) with Certified Information System Auditor (CISA)/ ISA qualification.

d) The relevant audit experience of the firm as Statutory Central/ Branch Auditor of Commercial Banks (excluding RRBs)/ UCBs/ NBFCs/ AIFI should be minimum 8 (eight) years.

e) There should be Minimum 12 (twelve) professional staff associated with the firm.

Explanation - FTPs in point (a), paid CA(s) in point (c), and professional staff in point (e) should be at least one-year continuous association with the firm as on date of empanelment to be considered them as FTPs/ paid CA(s)/ professional staff in the firm.

(Refer - Annex I of RBI Guidelines for detailed Eligibility criteria)

3.2 The audit firm(s) proposed to be appointed as the SA of the Company shall also comply with the other eligibility criteria as mentioned under Section 141 of the Companies Act, 2013 and rules made thereunder.

3.3 The audit firm(s) shall be strictly guided by the relevant professional standards in discharge of their audit responsibilities with highest diligence.

3.4 No audit firm(s) shall be considered for appointment as SA of the Company, if it exceeds the maximum number of statutory audit of entities during a particular year i.e. four commercial banks, Eight UCBs, Eight NBFCs and within the overall ceiling prescribed by any other statutes or rules.

4. Independence of Auditors

4.1 The Audit Committee of the Board (‘ACB’) shall monitor and assess the independence of the auditors and conflict of interest position in terms of relevant regulatory provisions, standards and best practices. Any concerns in this regard may be flagged by the ACB to the Board of Directors of the Company and concerned Regional Office (RO) of RBI.

4.2 The audit of the Company and any entity with large exposure to the Company for the same reference year should also be explicitly factored in while assessing independence of the auditor.

4.3 The time gap between any non-audit work i.e., services mentioned at Section 144 of Companies Act, 2013, internal assignments, special assignments, etc. by the SAs of the Company or any audit/non–audit work for the Company’s group entities should be at least one year, before or after its appointment as SAs. However, during the tenure as SAs, an audit firm may provide such services to the concerned entities, which may not normally result in a conflict of interest, and the Company may take a decision in this regard, in consultation with the ACB.

4.4 The restrictions as detailed in para 4.2 and 4.3 above, shall also apply to an audit firm under the same network of audit firms or any other audit firm having common partners.

5. Professional Standards of SAs

5.1 The SAs shall be strictly guided by the relevant professional standards in discharge of their audit responsibilities with highest diligence.

5.2 The ACB shall review the performance of SAs on an annual basis. Any serious lapses/negligence in audit responsibilities or conduct issues on part of the SAs or any other matter considered as relevant shall be reported to RBI within two months from completion of the annual audit. Such reports shall be sent with the approval/recommendation of the ACB with the full details of the audit firm.

5.3 In the event of lapses in carrying out audit assignments resulting in misstatement of financial statements, and any violations/lapses vis-à-vis the RBI’s directions/guidelines regarding the role and responsibilities of the SAs in relation to the Company, the SAs would be liable to be dealt with suitably under the relevant statutory/regulatory framework.

6. Tenure and Rotation

6.1 The SA shall be appointed for a continuous period of three years, subject to the firms satisfying the eligibility norms each year.

6.2 Further, in case of removal of SAs before the completion of three years tenure, the Company shall inform concerned RO at RBI about it, along with reasons/justification for the same, within a month of such a decision being taken.

6.3 An audit firm would not be eligible for reappointment for six years (i.e. two tenures) after completion of full or part of one term of the audit tenure with the Company.

7. Audit fees and expenses

7.1 The ACB shall decide and recommend the audit fees to the Board in accordance with the relevant statutory/regulatory provisions.

7.2 While recommending the audit fees, the ACB shall ensure that the same shall be reasonable and commensurate with the scope and coverage of audit, size and spread of assets, accounting and administrative units, complexity of transactions, level of computerization, identified risks in financial reporting, etc.

8. Procedure for appointment of SAs and reporting requirements

8.1 The Company will shortlist a minimum of 2 audit firms for every vacancy of SAs so that even if firm at first preference is found to be ineligible/refuses appointment, the firm at second preference can be appointed and the process of appointment of SAs does not get delayed.

8.2 The Company shall obtain a certificate, along with relevant information as per Form B (as prescribed by RBI guidelines) from the audit firm(s) proposed to be appointed as SAs to the effect that it complies with all the eligibility norms prescribed by RBI for the purpose. Such certificate shall be signed by the main partner/s of the audit firm proposed for appointment, under the seal of the said audit firm.

8.3 In addition to the above, prior to such appointment, a written consent of the auditor to such appointment and a certificate in compliance with applicable provisions of the Companies Act, 2013 and the rules made thereunder, shall be obtained from the SAs.

8.4 The ACB will review the independence, eligibility norms, terms of appointment and remuneration of the audit firm proposed to be appointed as SAs and recommend the appointment of the audit firm for approval of the Board. The Board will discuss and approve the appointment of SAs subject to approval of the shareholders in the ensuing Annual General Meeting.

8.5 Any casual vacancy in the office of an auditor shall be filled by the Board of Directors within thirty days, but if such casual vacancy is as a result of the resignation of an auditor, such appointment shall also be approved by the Company at a general meeting convened within three months of the recommendation of the Board and the auditor shall hold the office till the conclusion of the next annual general meeting.

8.6 Upon appointment of SA by the Shareholders, the Company shall inform the auditors concerned of its appointment and file required return/forms with the Registrar of Companies within the timelines as prescribed under the Companies Act, 2013 and rules made thereunder.

8.7 The Company shall inform the concerned Regional Office of RBI about the appointment of SAs for each year by way of a certificate in Form A (as prescribed by RBI guidelines) within one month of such appointment, as may be amended from time to time.

9. Review of Policy

The Policy will be approved by the ACB and the Board and hosted on the official website of AFPL.

The Policy will be reviewed on an annual basis or as and when deem necessary by the ACB and Board in the context of changing regulation and guidelines.

‍

This document is an electronic record in terms of Information Technology Act, 2000 and rules  thereunder as applicable. This electronic record is generated by a computer/electronic system and does  not require any physical or digital signatures.

1. SCOPE AND PURPOSE

1.1. In this Resource Planning Policy (“Policy”), “we” or “us” or “our” means Avanti Finance Private  Limited (“Company”), and includes its executive directors, officers, employees, as the context  may require.

1.2. In pursuance of direction from the Reserve Bank of India (“RBI”), Company has put in place  this Policy which inter-alia, covers the planning horizon and the periodicity of private  placements of non-convertible debentures (“NCDs”) of maturity more than 1 (one) year issued  by Company.

2. SOURCES

2.1. The resource mobilization shall be in line with the Asset Liability Matching (“ALM”) requirement of the Company. It is the endeavour of the Company that the funds are mobilized from a diversified group of sources so that no single lender would have an exposure of more  than 75% of the overall funding, unless otherwise specifically required by the Company. This  limit will be subject to review by the Company’s Board from time to time.

2.2. Broadly, the resource mobilization by the Company may be understood to comprise the  following sources:

(i) Loans from banks and financial institutions;

(ii) Retained earnings;

(iii) Issue of NCDs;

(iv) Issue of commercial paper; and/or

(v) Inter-corporate loans.

(vi) Securitisation – Direct assignment or Pass through Certificates

2.3. The proportion of the long-term and short-term resources for the Company shall be fixed from  time to time based on the business plan for each year approved by the Board of Directors of the Company..

2.4. The annual business plan of the Company will reflect the mix/ratio of the above sources in the overall  funds of the Company at the start of each financial year, in line with the  long-term and short-term requirements of the Company.

3. LONG-TERM RESOURCES

3.1. Resources with a maturity of more than 12 months shall be treated as long-term resources.

3.2. Borrowings from Banks and Financial Institutions: The Company may plan for raising long-term  resources from banks and financial institutions. The major source of funding for the Company  as of the date of adoption of this Policy are scheduled commercial banks and larger NBFCs.  While these would continue to be the biggest source of capital for meeting its funding  requirements, the Company shall endeavour to develop alternative sources of funding from other markets depending on the business requirements.

3.3. Retained Earnings: The Company may plough back its profits in such proportions based on the  maintenance of capital adequacy ratio (“CRAR”) stipulated by regulations from time to time.

3.4. Issue of Non-Convertible Debentures:  

3.4.1. Based on the business requirements of each financial year, the Company may issue  NCDs to high net-worth individuals and/or institutions or such other class or category of  investors. The timing and the amount of issue shall be decided by the Board or the finance committee and shall be  subject to the statutory and regulatory compliances as may be required. The total number of  subscribers in each issue shall not exceed the maximum number of subscribers fixed under  any of the applicable laws or regulations.

3.4.2. The issue of NCDs may be secured on the assets of the Company (moveable or immovable) in  line with the regulatory requirement (as amended from time to time). In the event such NCDs  are in the nature of secured debt, the charge shall be registered in accordance with the  provisions of the Companies Act, 2013.  

3.4.3. The Company shall issue NCDs for the purpose of its own balance sheet only and shall not  grant loans against the NCDs.

4. SHORT-TERM RESOURCES

4.1. Resources with a maturity of 12 months and less shall be treated as short-term resources.

4.2. The main sources are bank advances, commercial papers (“CPs”), Pass Through certificates, shareholder loans, working capital loan and overdraft facility Depending on the ALM requirements, the Company may borrow funds from banks and other financial institutions / corporates from  time to time and continue to issue CPs with maturity ranging from 1 to 12 months.

4.3. Subject to applicable laws and regulations, the Company may also avail inter-corporate loans  which are exempt from the purview of public deposits under the applicable directions of RBI.

5. REGULATORY REFERENCE

Master Direction- Reserve Bank of India (Non-Banking Financial Company – Scale Based Regulation) Directions, 2023

6. REVIEW

This Resource Planning Policy comes from the date of approval by the Board and shall be monitored and reviewed periodically by the Board of the Company.

‍

Background

This Policy for dealing with unclaimed amounts lying with the Company (‘Policy’) has been framed and adopted by the Board of Directors, pursuant to Regulation 61A of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (‘LODR Regulations’) and SEBI Circular No. SEBI/HO/DDHS/DDHS-RAC-1/P/CIR/2023/176 dated November 08, 2023 on ‘Procedural framework for dealing with unclaimed amounts lying with entities having listed non-convertible securities and manner of claiming such amounts by investors’.

Objective

The Policy has been framed to standardize the process to be followed by the Company for the manner of handling the unclaimed dividend or interest/redemption amount lying with the Company pertaining to the Non-Convertible Securities issued by the Company.

Definitions

Capitalized terms used herein but not defined anywhere in the Policy shall have the meaning as prescribed to it in the Circular.

“Act” shall mean the Companies Act, 2013, as amended from time to time and Rules made there under.

“BENPOS” refers to the beneficiary position statement as received from the Registrar and Transfer Agent (RTA) of the Company on a record date.

“Client Master List (CML)” refers to a document issued by the depository participant (DP) of your Demat account.

“Company” shall mean Avanti Finance Private Limited.

“Escrow Account” means Escrow Account opened by the Company in any scheduled bank.

“IEPF” shall mean the ‘Investor Education and Protection Fund’ established by the Central Government of India in terms of section 125 of the Companies Act, 2013.

“Investors” means the holders of listed non-convertible securities of the Company.

“Listing Regulations” shall refer to the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015, as amended from time to time.

“RTA” refers to the Registrar and Share Transfer Agent of the Company.

Transfer of Unclaimed Amounts

i. The Company shall make all the payments due to the respective Investor(s) as per the BENPOS received from RTA on the due date of payment as per the terms of the Disclosure Documents, as the case may be.

ii. In case the payment so made to the respective Investor(s) on the due date fails due to any of the following reason(s):

1. Dormant / NRE bank account provided by the investor(s)
2. Missing Bank account details of the Investor(s)
3. Incorrect/missing IFSC code
4. Mismatch of name of the investor & name of the bank account holder
5. Any other reason

Then, the Company shall reach out to the Investor(s) via telephone and email as available in the records of the Company, for the missing/incorrect details, if the Investor is not reachable, the Company shall issue a demand draft or cheque in favour of the respective Investor(s) and the same shall be sent to the registered address of the respective Investor(s) as available in the BENPOS on the payment date and keep a record of the speed post/courier details.

iii. In case the demand draft or cheque returns unclaimed to the Company due to any of the following reasons:

1. Addressee not found.
2. Addressee refused to collect the package.
3. Door locked.
4. Any other reason

Then the Company shall transfer all interest/ principal amount dueto such investor(s) to the Escrow Account, within 7 (seven) days from the dateof expiry of the period of 30 (thirty) days of the amounts becoming due i.e.within 37 days.

iv. It may be noted that the amount so transferred to the Escrow Account shall not bear any interest.

v. The Company shall publish a list containing the names of the Investor(s) and their respective amount(s) lying unclaimed on its website within a period of 30 (thirty) days from the date of transfer. Such a list shall also contain search facility for ease of access to the Investor(s). The cumulative details of the number of claims received, processed, pending, etc. shall also be available on the website of the Company.

vi. In case any amount is not transferred within the aforesaid period of (37 days), the Company shall pay interest on such amount for the period of default i.e. from the date of default till the date of transfer to the Escrow Account, at the rate of twelve (12) percent per annum or such other rate as may be prescribed, from time to time under the applicable laws. The said interest amount shall accrue to the Investor(s) in proportion to the amount remaining unclaimed.

vii. Any amount transferred to the Escrow Account which remains unpaid/unclaimed for a period of 7 (seven) years from the date of such transfer, shall be transferred to IEPF within a period of 30 (thirty) days.

Nodal Officer

The Investor(s) can raise their queries or grievances, relating totheir claim directly with the Nodal Officer at the below address:

The Company shall display the name, designation and contact details of the Nodal Officer on its website. In case there is a change in the Nodal Officer due to any reason, the Company shall designate another person as a Nodal Officer within fifteen days of such change.

Process for Claiming Unclaimed Amounts by Investors from the Company

i. Investors should first check whether any unclaimed interest/ principal is due to be payable to them from the details uploaded by the Company on its website.

ii. Investors / beneficial owners who are holding securities in dematerialized form can submit a signed Request Letter in the format mentioned in Annexure A of this Policy by mail /post addressing the Nodal Officer along with cancelled cheque/copy of Bank Passbook/ Bank Statement with the following details:

a. Name of the Investor

b. Bank Account No.

c. Nature of Bank Account (Savings Account/Current Account)

d. Branch address of the Bank

e. IFSC code

f. MICR code

1. For institutional Investors, constitutional documents and scanned copy (PDF/ JPG Format) of the relevant board resolution/authority letter, etc by authorized signatories
2. Certified copy of the updated Client Master List (CML) with revised/correct bank details

iii. The aforementioned procedure in respect of the investor shall apply, mutatis mutandis, to the legal heir/ successor/ nominee of the Investor. In case a claim is made by legal heir/ successor/ nominee, the following additional documents are required to be submitted.

Upon the death of security holder / joint security holders, the Nominee shall be treated as the claimant.

In case the securities are held singly/jointly with nomination:

a. Duly signed request form by the nominee;

b. Copy of death certificate attested by the nominee subject to verification with the original or copy of death certificate duly attested by a notary public or by a Gazetted Officer;

c. Self-attested copy of the PAN card of the nominee.

In case the securities are held singly/jointly without nomination:

a. A notarized affidavit from all legal heir(s) made on non-judicial stamp paper of appropriate value, to the effect of identification and claim of legal ownership to the securities.

However, in case the legal heir(s)/claimant(s) are named in the Succession Certificate or Probate of Will or Will or Letter of Administration as may be applicable in terms of Indian Succession Act, 1925 or Legal Heirship Certificate or its equivalent certificate issued by a competent Government Authority, an affidavit from such legal heir(s)/claimant(s) alone shall be sufficient.

b. Duly signed request form by the legal heir(s)/claimant(s);

c. Copy of death certificate attested by the legal heir(s)/claimant(s) subject to verification with the original or copy of death certificate duly attested by a notary public or by a Gazetted Officer.

d. Self-attested copy of the PAN card of the legal heir(s)/claimant(s);

e. Copy of Succession Certificate or Probate of Will or Will or Letter of Administration or Court Decree as may be applicable in terms of Indian Succession Act, 1925 or Legal Heirship Certificate or its equivalent certificate issued by a competent Government Authority, attested by the legal heir(s)/claimant(s) subject to verification with the original or duly attested by a notary public or by a Gazetted Officer.

f. Original Indemnity Bond duly signed by the Claimant in the format attached as Annexure B;

The legal heir/ successor/ nominee shall satisfy the provisions specified under the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 and circulars issued thereunder, for the transmission of non-convertible securities and/ or the corresponding claim thereon, as applicable.

iv. Manner of submission of claim:

a. An Investor or legal heir/successor/nominee of the Investor can claim for payment of any unclaimed dividend/interest/redemption amount lying with the Company by sharing the above-mentioned documents to the Nodal Officer of the Company through email or hardcopy at the address of the Company.

b. An Investor can raise their query/grievance, if any, relating to their claim to the Nodal officer.

v. Examination of the claim received by the Nodal Officer:

a. Upon receipt of a claim application, if the Company/Nodal Officer, upon examination, finds it necessary to call for further information or finds such application or document(s) to be defective or incomplete in any respect, it shall intimate the investor, of such need for information or defects or incompleteness, by e-mail or other written communication and direct the investor to furnish such information or to rectify such defects or incompleteness or to re-submit such application or document(s) within 30 (Thirty) days from the date of receipt of such communication, failing which the claim may be rejected.

vi. Timeline for processing the claim:

a. The Company shall within 30 (Thirty) days of receipt of a claim application from an investor or complete information as called upon from the investor, remit the payment to the investor using electronic modes of funds transfer.

Time Frame for Claiming the Amount

Investors should claim the amount of unclaimed interest/ principal upon maturity within 7 (seven) years from the due date of the payment. After 7 (seven) years, the amount shall be transferred to IEPF.

Review

The Policy will be approved by the Audit Committee and the Board and hosted on the official website of the Company.

The Policy will be reviewed on an annual basis or as and when deem necessary by the Audit Committee and Board in the context of changing regulation and guidelines.

REQUEST LETTER

Annexure A

REQUEST LETTER

Date:

To

Avanti Finance Private Limited

# 2727, 2nd floor, 1st Main Road, HAL 3rd Stage,

Ward no. 58 (Old No. 83) New Thippasandra,

Bangalore, Bangalore North, Karnataka, India, 560075

Sub: Credit of the unclaimed interest/principal amount on Non-Convertible Debentures issued by Avanti Finance Private Limited

Ref: Folio No/DP ID ___________and Client ID:____________

Dear Sir / Madam,

I/We, ________________, am/are holding Non-Convertible Debentures (“NCDs”) issued by Avanti Finance Private Limited (“the Company”), as per below details:

With reference to the various reminders by the Company and/or telephonic conversation with the official of the Company, I/we request you to credit the unclaimed amount in the Bank Account, details of which are given as below:

Please find enclosed herewith the following documents to enable the Company to process the Unclaimed Amount:

1. Self-attested copy of PAN

2. Self-attested copy of Aadhar Card or Passport

3. Updated Client Master List or Demat account statement

4. Cancelled Cheque of the same bank account which is reflected in the CML

5. For institutional Investors, constitutional documents and scanned copy of the relevant board resolution/authority letter, etc. by Authorized Signatories

Request you to process the credit of the unclaimed amount.

Yours Faithfully,

‍

Sign:

Name of Investor:

Address:

Contact Details:

‍

‍

Annexure B

INDEMNITY BOND

(To be executed by the Claimant on a non-judicial stamp paper and notarised)

THIS DEED OF INDEMNITY is made at _______ this _______ day of ________of_____________ By Mr./Ms. ____________ wife/son/daughter of Mr./Ms. _______ residing at _____________________________________ (which expression shall unless it be repugnant to the meaning or context thereof be deemed to mean and include them and their respective heirs, executors, administrators and legal representatives) of the First Part.

IN FAVOUR OF:

Avanti Finance Private Limited a Company registered under the provisions of Companies Act, 2013 having its registered office at # 2727, 2nd floor, 1st Main Road, HAL 3rd Stage, Ward no. 58 (Old No. 83) New Thippasandra, Bangalore, Bangalore North, Karnataka, India, 560075 (hereinafter called as the “AFPL/Company” which expression shall include unless repugnant to the subject or context be deemed to include their successors, permitted assigns, representatives) on the Other Part.

WHEREAS:

1. Mr./ Ms. _________ holds ___________ (Non-Convertible Securities) in the Company and the interest/ redemption/ dividend (strike out the options which are not applicable) remains unclaimed with respect to said security.

2. That Mr. __________ has passed away on _______________.

3. That I ______________ (hereinafter referred as “Claimant”), being the legal heir of the deceased have approached AFPL and requested for release of the unclaimed interest/ redemption/ dividend amount (hereinafter referred to as “Unclaimed amount”) due to the _____________ (name of original investor) lying with the Company.

4. That in support of the above said request, I have enclosed the following documents:

a) .....

b) .....

NOW, THEREFORE, THIS INDEMNITY BOND WITNESSETH as under:

In consideration of the above having agreed to comply with my request on my executing an indemnity bond in favour of the AFPL, I, the Claimant, hereunder for myself, my heirs, executors, administrators and assigns do hereby agree to indemnify and keep indemnified the Company, its successors, directors, manager and their heirs, executors and assigns from and against all actions, suits, proceedings, accounts, claims and demands whatsoever for or on account of the said securities or any part thereof or otherwise arising out of release of said unclaimed amount in my favor and from and against all losses, costs, claims, actions, demands, risks, charges, expenses, damages and losses arising in any manner whatsoever.

I hereby solemnly affirm and certify that the statements contained in above paragraphs are true to the best of my knowledge, information and belief and that nothing material has been concealed from being disclosed and are binding on me.

I hereby also confirm that all the documents submitted to Company are true and correct.

IN WITNESS whereof, this bond of indemnity is executed by my hand on this ____ day of _____, _____.

Signature: ________________

Name of Claimant: _______________

Signed before me

(Signature of Notary)

Official Stamp and Seal of the Notary and Registration No.

‍

1. Introduction

Avanti Finance Private Limited (the "Company") is registered with the Reserve Bank of India ("RBI") as a non-banking financial company ("NBFC"), by a certificate of registration dated August 13, 2021 bearing registration number N-02.00338 issued by RBI, Bengaluru (old certificate dated June 23, 2017 bearing registration number N.13.02191 issued by RBI, Mumbai). The Company is a non-deposit taking, middle layer NBFC.

The policy is prepared pursuant to the Companies Act, 2013 and Regulation 9 of the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 (hereinafter referred to as “Listing Regulations”) which mandates that a listed entity shall have a policy for the preservation of documents.

2. About the Policy

The purpose of this Policy is to ensure that necessary records and documents of the Company are adequately protected and maintained. This Policy contains guidelines for identifying documents that need to be maintained, the period of retention of such documents and the authorized person/department responsible to maintain documents. This Policy aims to provide efficient and systematic control on the periodicity of maintenance of documents. This Policy applies to all departments and business functions of the Company. It not only covers the various aspects on preservation of the documents, but also beneficial for the safe disposal/destruction of the documents and keeping a record of the same.

3. Definitions

1. “Act” means the Companies Act, 2013, Rules framed thereunder and any amendments thereto.
2. “Applicable Law” means any law, rules, circulars, guidelines or standards under which the preservation of the Documents has been prescribed.
3. “Authorized Person” means any person duly authorized by the Board.
4. “Board” means the Board of directors of the Company or its Committees.
5. “Books of Account” as per Section 2(13) of the Companies Act 2013 includes records maintained in respect of—

(i) all sums of money received and expended by a company and matters in relation to which the receipts and expenditure take place;

(ii) all sales and purchases of goods and services by the company;

(iii) the assets and liabilities of the company; and

(iv) the items of cost as may be prescribed under section 148 in the case of a company which belongs to any class of companies specified under that section;

1. “Document” as per section 2(36) of the Companies Act 2013 includes papers, notes, agreements, notices, agendas, circulars, advertisements, declarations, forms, minutes, registers, correspondences, challan or any other record required under or in order to comply with the requirements of any applicable law, whether issued, sent, received or kept in pursuance of the Act or under any other law for the time being in force or otherwise, maintained on paper or in electronic form.
2. “Electronic Form” means any contemporaneous electronic device such as computer, laptop, compact disc, floppy disc, space on electronic cloud, or any other form of storage and retrieval device, considered feasible, whether the same is in possession or control of the Company or otherwise the Company has control over access to it.
3. “Electronic Record(s)” means the electronic record as defined under clause (t) of sub- section of section 2 of the Information Technology Act, 2000.

The words and phrases used in this Policy and not defined here shall derive their meaning from the Applicable Law.

4. Interpretation

Terms that have not been defined in this policy shall have the same meaning assigned to them in the Companies Act, 2013, and / or Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015.

5. Roles and Responsibilities

This Policy is applicable to all documents maintained in physical and electronic mode by the Company. The preservation of documents should be such as to ensure that there is no tampering, alteration, destruction or anything that endangers the content, authenticity, utility or accessibility of the documents. The documents not specifically covered under this policy shall be preserved and maintained in accordance with the provisions of the respective acts, rules, guidelines and regulations as applicable under which those documents are maintained.

The respective Functional/ Departmental heads of the Company shall be responsible for maintenance and retention of documents in respect of the areas of operations falling under the charge of each of them, in terms of this Policy.

6. Authenticity

Where a document is being maintained both in physical electronic form, the authenticity with reference to the physical form should be considered for every purpose.

7. Guidelines

Regulation 9 of Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015, provides that the listed entity shall have a policy for preservation of documents, approved by its Board of Directors, classifying them in at least two categories as follows –

a. Documents whose preservation shall be permanent in nature;

b. Documents with preservation period of not less than eight years after completion of the relevant transactions.

Accordingly, the Company has classified the preservation of documents to be done in the following manner:

a. Documents that need to be preserved and retained permanently;

b. Documents that need to be preserved and retained for a period of 8 years as specified under the Companies Act, 2013 or Regulations;

c. Documents that need to be preserved and retained for a period of not less than three years as specified under Secretarial standards issued by The Institute of Company Secretaries of India;

d. Documents that need to be preserved and retained for such period as prescribed under any statute or regulation as applicable to the Company;

e. Where there is no such requirement as per applicable law, then for such period as the document pertains to a matter which is “Current”.

An indicative list of the documents and the time-frame of their preservation is provided in Annexure A.

8. Modes of preservation

The Documents may be preserved in

a. Physical form; or

b. Electronic Form

The official of the Company who is required to preserve the document shall be Authorised Person who is generally expected to observe the compliance of statutory requirements as per applicable law.

The preservation of documents should be such as to ensure that there is no tampering, alteration, destruction or anything which endangers the content, authenticity, utility or accessibility of the documents.

The preserved documents must be accessible at all reasonable times. Access may be controlled by the concerned Authorised Person with preservation, so as to ensure integrity of the Documents and to prohibit unauthorized access.

9. Archival of documents

Documents mentioned in Clause 9 above shall be maintained/ preserved in the following manner:

A) Documents maintained in physical form:

1. All information and/or documents pertaining to current financial year and for one preceding financial year shall be kept handy and maintained in such a manner that their retrieval is easy and quick.

2. All documents pertaining to the period prior to one preceding financial year, shall be kept in good condition at least up to the minimum period specified for their maintenance / preservation in Annexures attached hereto. The said records be also maintained in such a manner that their retrieval is easy and quick.

B) Documents maintained in electronic form:

1. All documents pertaining to current financial year and for one preceding financial year shall be maintained on server and Backup be maintained on scheduled time and day. The documents shall be maintained in such a manner that their retrieval is easy and quick.

2. Back up of all documents pertaining to the period prior to one preceding financial year shall also be maintained on server, in good condition at least up to the minimum period specified for their maintenance / preservation. The said records be also maintained in such a manner that their retrieval is easy and quick.

10. Destruction of documents

The documents specified in Annexure A which are not required to be maintained and preserved permanently, may be destroyed after the expiry of the specified retention period in such mode and under the instructions approved by the Functional/ Departmental Heads. Any deviation will be approved by the Chief Compliance Officer.

11. Dissemination of the Policy

The approved Policy shall be uploaded on the Company’s website, www.avantifinance.in and circulated to all Branches and departments.

12. General

Notwithstanding anything contained in this policy, the Company shall ensure compliance with any additional requirements as may be prescribed under any laws/regulations either existing or arising out of any amendment to such laws/regulations or otherwise and applicable to the Company from time to time

13. Review

This Policy shall be subject to review, if necessary. Any change/amendments in Applicable Laws with regard to maintenance and preservation of documents and records shall be deemed to be covered in this Policy without any review. Any change/amendments to this Policy shall be approved by the Board of Directors.

This Policy comes into effect immediately on the date of approval by the Board of Directors.

Records as per the Companies Act, 2013

‍
‍Accounts and Finance Records

Tax Records

‍

NBFC - Preservation of records

‍

Karnataka Shops and Establishments Act, 1961

‍

‍

‍

Company’s philosophy on Corporate Governance

Avanti Finance Private Limited (‘Company’ / ‘AFPL’) is a non-deposit taking NBFC registered with the Reserve Bank of India. The Company acknowledges its responsibility as a corporate citizen and is committed to upholding the highest standards of Corporate Governance. It strives for transparency in business ethics and accountability to customers, the government, and other stakeholders. The Company conducts its operations in alignment with sound corporate practices and continuously seeks to enhance them by adopting industry best practices.

Corporate governance refers to the framework of rules, practices, and processes that guide a company's administration and control. It ensures a balance of interests among key stakeholders, including shareholders, employees, customers, and the broader community in which the company operates. These corporate governance guidelines support the Company in achieving its objectives by covering all aspects of operations, management, strategic planning, internal controls, and regulatory compliance.

The Company ensures strong governance by implementing effective policies and procedures, which are mandated and regularly reviewed by the Board of Directors (‘Board’) or its committees.

RBI guidelines on Corporate Governance

Pursuant to Regulation 100 of the Master Direction – Reserve Bank of India (Non-Banking Financial Company – Scale Based Regulation) Directions, 2023 and as amended from time to time (‘Master Directions’), the Company has framed the following Internal Guidelines on Corporate Governance.

Board of Directors

The Board shall have an optimum combination of Executive, Non-executive and Independent Directors in line with the requirements of the provisions of the Companies Act, 2013 and other applicable laws, Shareholders’ Agreement as amended from time to time and the Articles of Association of the Company.

The Board shall meet at least four times a year, with a maximum time gap of one hundred and twenty days between any two meetings.

The Board shall be responsible for ensuring overall compliance with the Company's Corporate Governance and overseeing its business affairs. This includes guiding business strategy, maintaining financial soundness, making key personnel decisions, shaping the internal organization and governance structure, managing risks, and fulfilling compliance obligations. In carrying out these duties, the Board must act with honesty, integrity, and in the best interests of the Company. The Board must ensure that the Company's organizational structure supports both the Board and Senior Leadership Team (SLT) in fulfilling their responsibilities while enabling effective decision-making and strong governance. This includes clearly defining the key responsibilities and authorities of the Board, SLT, and those overseeing control functions.

The Board should actively participate in Company’s key matters, stay informed about significant changes in the business and external environment, and take timely actions to safeguard the Company's long-term interests.

Duties and Responsibilities of Board of Directors

In accordance with the provisions of Section 166 of the Companies Act, 2013 and as a matter of corporate governance, the directors of the Company have the following duties: –

• Shall act in good faith in order to promote the objects of the Company for the benefit of its members as a whole, and in the best interests of the Company, its employees, the shareholders, the community and for the protection of the environment.

• Shall exercise his/her duties with due and reasonable care, skill and diligence and shall exercise independent judgement.

• Shall disclose any situation in which he/she may have a direct or indirect interest that conflicts, or possibly may conflict, with the interest of the Company.

• Shall not achieve or attempt to achieve any undue gain or advantage either to himself/herself or to his/her relatives, partners, or associates and if such director is found guilty of making any undue gain, he/she shall be liable to pay an amount equal to that gain to the Company.

• Shall not assign his/her office and any assignment so made, shall be void.

Minimum Information to be placed before the Board

Pursuant to the Master Directions, the disclosures to be made by the Company to the directors shall include but not be limited to the following:

a. all relevant information for taking informed decisions in respect of matters brought before the Board;

b. The strategic and business plans and forecasts;

c. The organizational structure of the Company and delegation of authority;

d. Corporate and management controls and systems including procedures;

e. Economic features and marketing environment;

f. Information and updates as appropriate on the Company’s products;

g. Information and updates on major expenditure;

h. Periodic reviews of performance of the Company;

i. Report periodically about implementation of strategic initiatives and plans; and

j. Advise the director about the levels of authority delegated in matters placed before the Board.

Committees of the Board

To focus effectively on the issues and ensure expedient resolution of diverse matters, the Board constitutes a set of Committees with specific terms of reference / scope. The Committees shall operate as empowered representatives of the Board as per their Charter / terms of reference.

In compliance with the applicable provisions of the Companies Act, RBI guidelines and in order to meet business exigencies, the Company has constituted the following Board committees:

1. Audit Committee

2. Nomination and Remuneration Committee

3. Risk Management Committee

4. IT Strategy Committee

5. Finance Committee

6. Committee of the Executives (monitoring and follow-up on fraud cases)

7. Asset-Liability Management Committee

The terms of reference, roles and responsibilities of the aforesaid Committees is provided hereunder:

1. Audit Committee:

‍
2. Nomination and Remuneration Committee

3. Risk Management Committee

‍

4.     IT Strategy Committee

‍

5.     Finance Committee

‍

6. Committee of the Executives (monitoring and follow-up on fraud cases)

‍

7. Asset-Liability Management Committee

Further, as part of the Company’s commitment to good corporate governance, the Board has established the following additional committees to ensure transparency, accountability, and effective oversight of key functions:

1. IT Steering Committee

2. Whistle Blower Committee

3. Internal Complaints Committee

4. Credit Committee of Executives

5. Employee Stock Option Committee

6. Outsourcing and Procurement Committee

7. Information Security Committee

Fit and Proper Criteria

The Company has in place a Board approved policy for ascertaining the ‘Fit and Proper Criteria of directors’ at the time of appointment and on continuing basis. Pursuant to the said Policy, the Company obtains necessary disclosures from the Directors from time to time.

The Company ensures compliance with the provisions laid down in the said Policy. The Company shall ensure to furnish to the RBI on a quarterly basis, statement on change of directors and a certificate confirming that fit and proper criteria in selection of the directors has been followed. The same should be submitted to the Regional Office of RBI within 15 days of the close of the respective quarter and the statement for the quarter ending March 31, shall be certified by the Statutory Auditors.

Adoption of Policies

The Company has framed and adopted policies as per regulatory requirements and as approved by the Board of the Company which forms an integral part of the overall corporate governance framework of the Company.

Vigil Mechanism

The Company has formulated and adopted a vigil mechanism / whistle blower policy to enable directors and employees to report genuine concerns about unethical behaviour, actual or suspected fraud or violation of Company’s Code of Conduct. The vigil mechanism / whistle blower policy shall provide a mechanism for an individual to report violations without fear of victimisation.

Rotation of Statutory Auditors /Audit Partner(s)

The appointment and rotation of Statutory Auditors shall be as per the Guidelines for Appointment of Statutory Central Auditors (SCAs)/Statutory Auditors (SAs) of Commercial Banks (excluding RRBs), UCBs and NBFCs (including HFCs) issued by RBI and as amended from time to time and Policy on Appointment of Statutory Auditors adopted by the Company and as may be amended from time to time.

Key Managerial Personnel

In terms of the Master Directions, the Company ensures that except for directorship in a subsidiary, Key Managerial Personnel shall not hold any office (including directorships) in any other NBFC-ML or NBFC-UL.

Independent Directors

Company duly ensures that the independent director shall not be on the Board of more than three NBFCs (NBFCs-ML or NBFCs-UL) at the same time. Further, the Board ensures that there is no conflict arising out of their independent directors being on the Board of another NBFC at the same time.

Disclosure and transparency

The Company shall put up to the Board of Directors, at regular intervals, as may be prescribed by the Board in this regard, the following:

1. The progress made in putting in place a progressive risk management system and risk management policy and strategy followed by the Company;

2. Conformity with corporate governance standards viz., in composition of various committees, their role and functions, periodicity of the meetings and compliance with coverage and review functions, etc.

Chief Risk Officer (“CRO”)

Pursuant to Para 95 of the Master Directions, the Company has appointed a Chief Risk Officer (CRO) of the Company with clearly specified roles and responsibilities. The CRO is required to function independently so as to ensure highest standards of risk management.

Review

The Policy will be reviewed on an annual basis or as and when deemed necessary by the Board in the context of changing regulation and guidelines and emerging best practices with a view to enhancing the Company’s governance.

‍

‍