Regulatory Compliance

Last Updated: December 19, 2025

1. Compliance Overview

CaratStone is committed to maintaining the highest standards of regulatory compliance. As a neobanking platform serving India's jewellery industry, we adhere to all applicable laws, regulations, and industry standards.

Our compliance framework is designed to protect our customers, maintain market integrity, and ensure transparent operations within the financial services ecosystem.

2. Reserve Bank of India (RBI) Compliance

2.1 Licensing and Authorization

CaratStone operates in partnership with RBI-licensed banking institutions and holds the necessary authorizations for:

  • Payment aggregation services
  • NBFC partnerships for credit facilities
  • Digital lending operations
  • Remittance and cross-border transactions

2.2 KYC/AML Requirements

We strictly adhere to RBI's KYC (Know Your Customer) and AML (Anti-Money Laundering) guidelines:

  • Mandatory Aadhaar-based e-KYC verification
  • Video KYC for enhanced verification
  • Periodic re-KYC as per RBI Master Directions
  • Transaction monitoring for suspicious activities
  • Reporting to Financial Intelligence Unit (FIU-IND)

3. Data Protection and Privacy

3.1 IT Act, 2000 Compliance

We comply with the Information Technology Act, 2000 and its amendments:

  • Data localization requirements for payment data
  • Reasonable security practices (ISO 27001 certified)
  • Incident response and data breach notifications
  • Electronic records management

3.2 Digital Personal Data Protection Act, 2023

  • Lawful basis for data processing
  • User consent management
  • Data minimization principles
  • Rights of data principals
  • Cross-border data transfer compliance

4. Financial and Tax Compliance

4.1 GST Compliance

  • GST registration and compliance for all services
  • Automated tax invoice generation
  • Monthly GST return filing assistance
  • Input tax credit reconciliation

4.2 Income Tax Act Compliance

  • TDS deduction and deposit as per IT Act
  • Form 26AS and AIS reconciliation
  • Annual Information Return (AIR) filing
  • High-value transaction reporting

4.3 FEMA Compliance

Foreign Exchange Management Act compliance for international transactions, import/export of precious metals, and cross-border remittances.

5. Industry-Specific Compliance

5.1 Hallmarking Compliance

  • BIS hallmarking standards adherence
  • HUID (Hallmark Unique ID) integration
  • Mandatory hallmarking compliance verification

5.2 Conflict-Free Sourcing

  • Kimberley Process certification for diamonds
  • Responsible jewellery sourcing standards
  • Supply chain transparency requirements

5.3 Environmental Compliance

Adherence to environmental regulations for precious metals trading and sustainable business practices.

6. Security and Technical Standards

6.1 Certifications

  • ISO 27001:2013 - Information Security Management
  • ISO 27017 - Cloud Security
  • ISO 27018 - Cloud Privacy
  • PCI DSS - Payment Card Industry Data Security
  • SOC 2 Type II - Service Organization Controls

6.2 RBI Cybersecurity Framework

  • Baseline security controls implementation
  • Regular IT audits and security assessments
  • Incident response and business continuity plans
  • Cyber insurance coverage

7. Audits and Reporting

  • Annual statutory audits by CA firms
  • Quarterly internal compliance audits
  • RBI inspection readiness and cooperation
  • Regulatory reporting (FIU-IND, SEBI, etc.)
  • Transparent disclosure of compliance status
  • Third-party security audits and penetration testing

8. Compliance Training

All CaratStone employees undergo mandatory training on:

  • KYC/AML procedures and red flags
  • Data protection and privacy laws
  • Information security best practices
  • Regulatory obligations and updates
  • Ethics and code of conduct

9. Grievance Redressal Mechanism

We maintain a robust grievance redressal system as per RBI guidelines:

  • Dedicated customer grievance portal
  • Resolution within 30 days as per RBI norms
  • Escalation to Banking Ombudsman if unresolved
  • Quarterly review of complaints and resolutions

10. Compliance Contact

For compliance-related queries or to report concerns:

Compliance Officer: compliance@caratstone.com

Grievance Officer: grievance@caratstone.com

Phone: +91-22-6789-5100 (Compliance Desk)

Address: CaratStone Technologies Pvt. Ltd.
Compliance Department
Nariman Point, Mumbai, Maharashtra 400021, India

© 2025 CaratStone. All Rights Reserved. | CARAT24 — Industry Banking for the Precious Metals Economy