Airtel Payments-Mobile Banking facility to customers Introduction:- Airtel Payments Limited will be offering various products and services as part of its line of business activities permitted under the guidelines of Reserve Bank of . Our Bank envisions to provide innovative solutions to customers to fulfill their requirements by keeping the processes simpler, user friendly and reliable. One of the channels to deliver banking services is through the use of mobile device. With the advent of affordable handsets, greater data connectivity and the fact that mobile penetration is very high, the Bank would like to offer mobile banking and as of the direct banking channels for its customers. Mobile as a channel gives customers a 24*7 access to banking information & services. to all its customers. Scope This facility shall be for all types of mobile channels and all types of accounts on which mobile banking services will be offered to the customer. The mobile banking also span across following modes:- i. Mobile Application based services ii. USSD services iii. SMS banking This document lays down requirements related to mobile banking services which include various financial, non- financial services and information-based services as follows:- Non-financial services:- a) Registration b) Authentication c) Linking of accounts d) Self-care, Card Management e) View Account Balance/Statements (Mini statements, Period based etc., download statements). f) Application for services g) Secured storing of credentials h) Transaction status updates, information and advices i) General Product Information j) Notifications k) Other types of non-financial services which bank will add from time to time Financial Services:- a) Fund Transfer (Intra Bank/Inter Bank) b) Utility/Bill/Credit Card Payments c) Recharges d) Ecommerce/Mcommerce payments e) Standard Instructions f) Other types of financial services which bank will add from time-to-time

Information based services:- a) Locator Services(Branch, CSP, FIFO, ATM, etc) b) Offers c) Feedback d) Contact us e) Use of customer’s social login or device print to customer or enhance intuitive transaction or services to customers f) Financial market information such as deals executed, outstanding documents, confirmations, etc.

In line with the RBI guidelines on mobile banking, Airtel payments Bank adhere to guidelines as under:-

A) Regulatory Requirements:-

Airtel Payments Bank(APB) has implemented Core Banking Solutions. APB provides domestic services only which involve Indian rupee transactions. APB follow KYC, AML, CFT guidelines while on boarding. It has a robust mechanism of identifying frauds and comply with the regulatory reporting such as submitting suspicious Transaction reports etc. to the concerned authorities.

B) Impact Assessment

Mobile Banking services shall be offered only to those customers who are on boarded through appropriate KYC guidelines.

The services shall be offered 24X7 provided the customer has the internet access on the device data access etc.

The services shall be offered in accordance with the legal terms and conditions appropriately communicated to the customers by the bank.

The bank shall deploy suitable standards and procedures to ensure that its mobile banking and financial services are network independent i.e. mobile phones of any network operators can be used for availing the mobile banking services of the bank

C) Customer Registration:-

Airtel Payments Bank strive to facilitate customer registration for mobile banking through various channels which, interalia, include internet banking, IVR, etc. We also communicate to customers regarding mobile banking services and options available for customer registration.

D) Technology & security standards:-

In Airtel Payments Bank, all transactions are end to end encrypted. We use public private key encryption. Following algorithms are used for encryption:-

• RSA/ECB/PKCS1Padding • TripleDES

Periodic risk management analysis, security vulnerability assessment of application and network shall be conducted by the bank at periodic intervals.

The bank shall maintain appropriate data privacy standards for all sensitive customer data and transaction data updated through mobile banking and financial services.

The bank shall use only accredited mobile banking and financial services servers for its transaction offering

The bank shall conduct regular Information Security Audit of the mobile banking and financial services in accordance with the IT audit plan of the bank.

E) Interoperability:- Our app is operator agnostic. Customers on different mobile networks can create their accounts and access our banking services. Our mobile banking service is handset agnostic. Customers can access our mobile banking on various handsets. F) Clearing & settlement of inter-bank fund transfers:-

Airtel Payments Bank will participate in all payments systems and customers can avail such services through mobile banking.

G) Customer Service & Grievance redressal mechanism:-

Bank shall ensure that there are adequate customer education and awareness programs through difference channel of communication.

The full details of the terms and conditions of service offered by the bank shall be communicated to the customer in a manner that the legal risk involved in mobile banking and financial service transactions are communicated to customers appropriately.

The bank shall notify the time frame and circumstances in which any stop payment instructions could be accepted.

The bank shall periodically assess extant regulatory and statutory requirements relating to customer protection. The bank shall take adequate counter measures to contain the risks resulting in customer liabilities.

The bank shall make mandatory disclosures such as risk and responsibility and liabilities of the customer through various channels.

Customer complaints/grievances arising out of mobile banking and financial services facility would be covered under the Customer Grievance Redressal Policy and Customer Compensation Policy of the bank as well the Banking Ombudsman Scheme of Reserve .

Customers can lodge their complaints relating to mobile banking through the following modes:-

Level 1:- In the app, there will be customer service tab, in which we will give access to customers to log complaints. These complaints will land up to our vCare where our customer care executives will provide resolutions.

Level 2: If the grievance is not redressed within seven working days, customers can also mail to our grievance officer through email , the details of which are available on the website of the bank.

It is our endeavor to redress all such complaints/customer grievances with minimum Turn Around Time as per the policy of the bank and applicable regulatory guidelines.

H) Transaction Limits:-

The bank shall consider placing appropriate limits taking into account the guidelines issued by and its own risk perception and shall include

 Daily cap on transactions involving purchase of goods and services  Cap on transaction limits and velocity limits in case of remittance of funds for disbursement in cash.

I) Remittance of funds for disbursement in cash:-

We have developed an ecosystem of Customer Service Points (CSPs) and Financially Included Franchise Outlet (FIFO) from where our customers can withdraw cash in close proximity to customers.

J) Risk Management and Mitigation:- The risk management and control requirements applicable for mobile banking and financial services are covered under the following broad heads:

 Technology and Security Standards that will ensure confidentiality, integrity, authenticity and non-repudiation.  Transactions limit  Customer Service  Customer Protection and grievance redressal In addition to the above, we have the following risk mitigation measures : a. Two factor authentication: - Our authentication matrix involve two factors:- mPIN (what you know) & OTP (what you have). Transactions valuing less than Rs. 2,000/- will be permitted through single factor and beyond Rs. 2,000/- are authenticated by two factors. Customers are notified of these with choice to customers to exercise option.

b. De-dupe system:- We have developed a de-dupe system in which customers are allowed to create any one account in our system.

c. Blacklist validation:- We undertake this validation as part of our KYC/AML policy.

K) Review :-

The policy shall be reviewed at annual intervals or at such periodic intervals when it is deemed necessary or if there is any regulatory changes necessitating such reviews.