View: AML Framework and Organisational Set-up in India

Anti-Money Laundering (AML) regulations in India are governed by the PMLA (Prevention of Money Laundering Act, 2002), which requires financial institutions and other entities to implement robust measures to detect and prevent money laundering activities.

The PMLA lays down the broad framework for AML compliance requirements applicable to banking companies, financial institutions, and other intermediaries.

PMLA envisages certain record-keeping and reporting obligations for financial institutions and persons carrying on designated business or profession. Persons carrying on designated business or profession are defined in Clause (s) of sub-section (1) of Section 2 of the PMLA. Sub-clause (vi) of the said clause includes within the ambit of ‘person carrying on designated business or profession’ persons carrying on such other activities as the Central Government may, by notification, designate from time to time.

The Prevention of Money Laundering Act, 2002 (“PMLA”), and the rules issued thereunder (“PML Rules”), provide the key legislative framework for the prosecution of money laundering.  The primary legal authority responsible for investigating and prosecuting money laundering offences under the PMLA at the national level is the Directorate of Enforcement (“ED”), under the aegis of the Department of Revenue, Ministry of Finance.

The ED, established under the aegis of the Department of Revenue, Ministry of Finance, is the primary authority responsible for investigating and prosecuting money laundering.  The ED is empowered to initiate proceedings for the attachment of property and launch proceedings in the designated Special Court for the offence of money laundering.  The Financial Intelligence Unit – India (“FIU”) under the Department of Revenue, Ministry of Finance, is the central national agency responsible for receiving, processing, analysing, and disseminating information relating to suspect financial transactions to enforcement agencies and foreign FIUs.

The Prevention of Money Laundering Act, 2002 (PMLA), together with the rules and regulations prescribed by regulators such as the Reserve Bank of India (RBI), the Securities and Exchange Board of India (SEBI), and the Insurance Regulatory and Development Authority of India (IRDAI), sets out the broad AML framework in India. CBI, Income Tax Department, and Registrar of Companies are empowered to enforce AML guidelines besides, RBI, SEBI, and IRDAI.

Financial Intelligence Unit – India (FIU-IND) is an organisation under the Department of Revenue, Government of India which collects financial intelligence about offences under the Prevention of Money Laundering Act, 2002. In terms of Rule 2 (wa) read with Rule 2 (sa) of PMLA, all Service Providers (SPs) are required to register as Reporting Entities with FIU-IND. As part of RE registration, SPs must disclose their account details with Banks/FIs where they hold accounts for transactions as well as for holding Client Money.

To combat the menace of money laundering, terror financing, proliferation financing, and other related serious crimes, Rule 7(3) of the PMLR casts an obligation on every reporting entity to evolve an internal mechanism in respect of these guidelines to detect transactions as specified under Rule 3(1) and furnishing information about such transactions to FIU-IND.

An AML program should cater to the requirements and risks of an organization. The PMLA and the PML Rules subject all Reporting Entities to AML requirements such as customer identification, CDD, customer acceptance, and the tracking and reporting of some prescribed transactions that may qualify as proceeds of crime under the PMLA.  Under the PML Rules, financial regulators such as the RBI, SEBI, and IRDAI are empowered to issue guidelines and directions in connection with the compliance that the respective Reporting Entities must adhere to. The obligation of reporting entities to effectively serve to prevent and impede money laundering and terrorist financing and to observe such internal controls not only by them but also by their Designated Director, officers, and employees is a legal requirement under Rule 7(4) of the PMLR.

One critical step for guaranteeing 100% AML compliance is to have dedicated and adequate resources to manage the entity’s AML obligations, i.e., a solid in-house AML compliance department. Such a department carries out all the tasks and activities mandatory for entities to adhere to the Prevention of Money Laundering Act (PMLA), with the AML Principal Officer overseeing the AML compliance and reporting requirements of the organization.
An AML program should cater to the requirements and risks of an organization. As different organizations and their operations may pose different risks, the program must be tailored to the needs of the organization. While AML requirement standards need to be met, there is no one-size-fits-all approach to creating a compliance program. Banks are following a risk-based approach to AML compliance. A risk-based approach to AML/CFT means that banks are expected to identify, assess, and understand the ML/TF risks to which they are exposed and take appropriate measures for the identified risks to mitigate them effectively. This ensures that the AML compliance programme is resilient and proactive (rather than meeting a minimum threshold), and not in tune with the current risks that the organisation may be facing.

Every AML program should have a compliance officer, resources dedicated to compliance, AML compliance policies, key controls and procedures, effective tools, and a strong compliance framework within an organization. An AML program should cater to the requirements and risks of an organization.

Under PMLA provisions, there is no minimum investment threshold or category exemption for Reporting Entities carrying out CDD measures. Customer Due Diligence (CDD) involves four key requirements: Identifying and verifying the customer’s identity using reliable sources. However, the 2005 Rules mandate Reporting Entities to maintain records of certain transactions, including all cash transactions of more than INR 1,000,000 or their equivalent in foreign currency (“Prescribed Value”); any series of interconnected transactions that may cumulatively amount to the Prescribed Value; transactions involving receipts by NPOs of an amount greater than the Prescribed Value; all cash transactions involving forged or counterfeit currency notes or bank notes being used as genuine; all cross-border wire transfers of the value of more than INR 5 lakhs; all purchases and sales of immovable property by any person valued at INR 50 lakhs or more; and suspicious transactions, regardless of whether the transactions are effected in cash.  These records are to be maintained for five years from the date of the transaction between the client and the Reporting Entity, or from the date when the account has been closed, whichever is later.

The obligation of reporting entities to effectively serve to prevent and impede money laundering and terrorist financing and to observe such internal controls not only by them but also by their Designated Director, officers, and employees is a legal requirement under Rule 7(4) of the PMLR. To discharge the statutory responsibility to detect possible attempts of money laundering, financing of terrorism, or proliferation financing, every SP must have a robust AML/CFT/CPF program in place.

 India has not enacted any special legislation for the governance of cryptocurrencies.  However, the PMLA has been amended by Notification (No. S.O. 1072(E) dated March 7, 2023), including intermediaries trading in Virtual Digital Assets (“VDAs”) and further qualifying them as Reporting Entities.  Further, it was clarified that “virtual digital asset” shall have the same meaning assigned to it in clause 47(A) of Section 2 of the Income Tax Act, 1961.

To discharge the statutory responsibility to detect possible attempts of money laundering, financing of terrorism, or proliferation financing, every SP must have a robust AML/CFT/CPF program in place.  Every AML program should have a compliance officer, resources dedicated to compliance, AML compliance policies, key controls and procedures, effective tools, and a strong compliance framework within an organization.

Related Posts: