India Merchant Onboarding Policy
Adyen India Technology Services Private Limited
Scope and objectives
This policy has been designed to ensure that merchants are onboarded and reviewed in accordance with the applicable laws. This policy should be read in conjunction with Adyen’s Global AML/CFT Policy.
Merchant on-boarding team
Based on Policy and Procedure determined by Adyen’s Compliance Function, Adyen’s Merchant Operations Teams (the “Teams”) are responsible for undertaking an assessment of the potential merchant based on the information collected from the said merchant and/or obtained from reliable and independent sources, with oversight of the Compliance Function and Adyen’s Management Board. The Policy and Procedures that set out the criteria and standards for assessing the merchant are reviewed and updated at least annually, in accordance with the applicable law.
Merchant onboarding process
Step – 1: Collection of Information: For the Teams to conduct its background and antecedent check of the merchant, necessary information shall be collected, including the completed onboarding application, KYC identification documents, address proof, description of business model, business related documents/ certifications, bank details, PCI-DSS compliance, and other documents required to verify the credibility of the merchant. For further details, please refer to the following Procedures:
Adyen’s Legal Entity Screening Procedure;
Adyen’s Natural Person Screening Procedure;
Adyen’s Legal Arrangement Screening Procedure;
Adyen’s External Account Screening Procedure;
Adyen’s PCI-DSS Procedure;
Adyen’s Watchlist Screening Procedure; and
Adyen’s Business Model Screening Procedure
(together, the Procedures)
Step – 2: Assessment and Evaluation: As part of this check, the Teams shall evaluate, seek
additional information and clarifications as may be required, to satisfy itself that:
The merchant does not have any dupious or malafide intention;
The merchant does not sell or engage in fake/ counterfeit, prohibited or restricted products and services. For further details, please refer to Adyen’s Prohibited and Restricted Products and Services List.
The merchant is PCI-DSS / PA-DSS compliant, including that Customer card and related information is not being stored improperly on the merchant website. For further information, please refer specifically to Adyen’s PCI Screening Procedure.
The merchant has the following information clearly displayed on its website:
Terms and conditions of the service
Delivery, Return and Refund policies, including the timeline for processing returns and refunds
Contact information Further information is set out in Adyen’s Business Model Screening Procedure.
Step – 3: Execution of Legal Agreement: On completion of scrutiny, and satisfaction of compliance with applicable laws and Adyen’s internal standards, the merchant shall be required to execute an agreement with Adyen India and its partners which shall include suitable obligations on the merchant with respect to maintaining security/ privacy of customer data, continuous compliance with PCI-DSS/ PA-DSS standards, requirement to report incidents promptly and in the prescribed manner, amongst other responsibilities on the parties. This agreement shall also ensure that the merchant provides a periodic security assessment report, in the prescribed manner. As part of the agreement, Adyen shall also obtain necessary undertakings/ certifications regarding the merchant’s compliance with applicable law.
Step – 4: Assignment of Merchant Category Code: The Underwriting Team shall assign a Merchant Category Code (MCC) based on applicable business model and industry specific requirements. Further information is set out in Adyen’s Business Model Screening Procedure.
A security audit of the merchant may be carried out to check compliance with applicable law, as and when required.
Adyen India will obtain periodic security assessment reports from the merchant either based on the risk assessment and/or at the time of renewal of contracts. Periodic review of all merchant files, including KYC data as collected and verified in accordance with the Procedures during on-boarding, will be performed per a risk-based review cycle to ensure all data on file remains up-to-date and accurate.
Review of Policy
The Board of Adyen India would be responsible for reviewing and monitoring compliance with this Policy on a periodic basis, assisted by the Principal Officer and the Adyen Compliance Function.
This Policy shall be reviewed at least annually, or if significant regulatory changes occur to ensure its continuing suitability, adequacy, and effectiveness.
In the event of any conflict between the provisions of this Policy and applicable RBI guidelines or any other statutory enactments, rules, the provisions of the applicable RBI guidelines or statutory enactments, rules shall prevail over and automatically be applicable to this Policy and should be read in tandem with the provisions of the Policy. The relevant provisions of the Policy would be amended/modified in due course to make it consistent with the applicable law.
Any deviations from the procedures specified in this Policy shall be permitted only with the approval of the Principal Officer. However, no approvals shall be granted where such a deviation results in breach of any circular, direction, order or guidelines issued by any regulatory authority including the Reserve Bank of India.