Compliance Obligations of Reporting Entities Under the PMLA

Under the Prevention of Money Laundering Act (PMLA), reporting entities are entrusted with the duty to maintain prescribed records and report specified transactions to the authority designated under the Act. This authority, referred to as the Director, is supported by a hierarchy of officers, including the Additional Director, Joint Director, Deputy Director, and Assistant Director. These officers are vested with powers to ensure compliance and enforcement under the Act.

The Financial Intelligence Unit-India (FIU-IND), functioning under the Ministry of Finance, is tasked with receiving and analyzing information related to suspicious financial transactions. The FIU-IND plays a central role in India’s anti-money laundering framework by acting as the recipient and evaluator of transaction reports submitted by reporting entities.

Definition of a Reporting Entity

The term ‘reporting entity’ is defined under section 2(wa) of the PMLA. It includes banking companies, financial institutions, intermediaries, or any person carrying on a designated business or profession. These entities are legally obligated to identify and verify clients, maintain transaction records, and inform the Director of transactions of interest.

A banking company includes those governed by the Banking Regulation Act, 1949, and cooperative banks falling under section 51 of that Act. Although cooperative banks are typically excluded from the traditional definition of a banking company, the PMLA explicitly includes them within its scope. This expansion ensures that all institutions potentially involved in converting unaccounted funds into legitimate assets are covered under the anti-money laundering framework.

Verification of Client Identity

To strengthen customer due diligence measures, the PMLA includes specific provisions for verifying the identity of clients and beneficial owners. As per section 11A, introduced with effect from 25 July 2019, such identity may be verified using Aadhaar, passport, or other documents notified by the government. The objective is to ensure authenticity and traceability in financial transactions.

Several regulatory and infrastructure institutions have been notified as reporting entities authorized to conduct Aadhaar-based authentication. Notifications have designated authorities, such as stock exchanges and depositories, to undertake this responsibility. These include major infrastructure providers like NSDL e-Governance Infrastructure Limited and the National Payments Corporation of India (NPCI), which are empowered to perform Aadhaar authentication services.

Role of NPCI and the e-KYC Setu System

NPCI has introduced the e-KYC Setu system to enable reporting entities to verify client identity without direct access to the Aadhaar number. This system allows for secure and private identity verification in compliance with the regulations prescribed under the Aadhaar Act.

The process involves NPCI performing the authentication and sharing the last four digits of the Aadhaar number along with relevant demographic details, digitally signed by NPCI. These details are shared with the reporting entity, which then uses them to confirm the identity of the client or beneficial owner. Importantly, this process ensures data minimization and privacy while achieving the goals of identity verification under the PMLA framework.

Entities intending to use this system must be approved and onboarded by NPCI. The onboarding process requires regulatory clearance to ensure the entity is legally authorized to conduct financial business and perform client verification. A maintained list of onboarded entities facilitates transparency and governance over the use of e-KYC Setu.

Designated Business or Profession under the PMLA

The PMLA includes within the scope of reporting entities not only traditional financial institutions but also persons engaged in specific designated businesses or professions. Section 2(1)(sa) defines such persons and includes categories such as:

  • Persons conducting games of chance or operating casinos

  • Inspectors General of Registration as notified by the government

  • Real estate agents with turnover above the prescribed threshold

  • Dealers in precious metals, stones, or high-value items

  • Entities involved in safekeeping or the administration of cash and securities

  • Persons carrying on other activities notified by the Central Government

Each of these entities, when engaged in financial transactions as specified under the Act, assumes reporting obligations under section 12 of the PMLA. They must identify and verify clients, maintain records, and report transactions as required by law.

Notifications Covering Specific Businesses

Various government notifications have extended the coverage of the PMLA to additional professions and businesses. For example, multi-state cooperative societies have been brought under the scope of reporting entities through a notification issued in 2018. Similarly, real estate agents, as defined under the Real Estate Regulation and Development Act, with turnover of Rs 20 lakhs and above, are now considered reporting entities.

Dealers in precious metals and stones engaging in cash transactions of Rs 10 lakhs or more have also been notified as designated businesses under the PMLA. In the evolving financial landscape, businesses dealing in virtual digital assets have been included under the definition of reporting entities through a notification issued in March 2023.

Coverage of Professionals and Formation Agents

Certain professionals, such as chartered accountants, cost accountants, company secretaries, and persons involved in the formation and management of legal entities, are now covered under the PMLA. When these professionals undertake financial transactions on behalf of clients in relation to property purchases, fund management, bank account operations, or company formation, they assume the responsibilities of reporting entities.

In May 2023, the government notified that persons acting as company formation agents, trustees, or nominee shareholders, or providing registered addresses for companies, are also considered reporting entities if they perform such activities on behalf of another person. These roles are considered high-risk for potential money laundering operations, and hence are brought within the purview of PMLA reporting obligations.

Clarifications on Exclusions

To avoid unnecessary burden on low-risk or routine activities, the government has also clarified which activities are excluded from the definition of a reporting entity. These include activities under a lease or tenancy agreement that are subject to tax deduction under section 194-I of the Income-tax Act. Similarly, employees acting on behalf of their employers or advocates involved only in company formation filings under the Companies Act are excluded.

Additionally, intermediaries already covered under the PMLA as per section 2(1)(n) are not included again under the new notifications to avoid duplication of responsibilities.

Appointment of Authorities and Regulatory Oversight

The authority responsible for receiving information and overseeing compliance by reporting entities is the Director, FIU-IND. This official operates under section 49(1) of the PMLA and is vested with exclusive powers for this purpose. The Central Board of Indirect Taxes and Customs (CBI&C) has been designated as the authority under rule 2(1)(fa) of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.

These rules outline the operational framework for reporting entities and enable the Director to enforce compliance, collect information, and take action against defaulting entities.

Definition of Intermediary and Its Coverage

Section 2(1)(n) of the PMLA defines ‘intermediary’ to include a wide range of market participants registered with regulatory bodies like the Securities and Exchange Board of India (SEBI). These include stockbrokers, share transfer agents, bankers to an issue, merchant bankers, underwriters, investment advisers, and portfolio managers. Associations recognized under the Forward Contracts Regulation Act and intermediaries appointed by the Pension Fund Regulatory and Development Authority are also included.

These entities, by virtue of their role in securities and financial markets, are exposed to money laundering risks and are therefore bound by the reporting and record-keeping obligations prescribed by the PMLA.

Financial Institutions and Payment System Operators

Financial institutions under the PMLA include payment system operators as defined in section 2(1)(rc). A payment system operator is a person who operates a payment system and may include their overseas principal. The payment system itself is broadly defined to cover systems enabling transactions through credit cards, debit cards, smart cards, and money transfer operations.

Given the digital nature and speed of such systems, they are susceptible to misuse for money laundering. Hence, operators of these systems are treated as financial institutions and required to comply with reporting requirements under the PMLA. This ensures that all possible channels for laundering illicit funds are under regulatory watch.

Maintaining Transaction Records by Reporting Entities

As per section 12(1) of the Prevention of Money Laundering Act, every reporting entity is mandated to maintain a record of all transactions, whether a single transaction or a series of integrally connected transactions, that match the nature and value prescribed under the law. These records must be maintained accurately and securely, ensuring they are made available to the Director of the Financial Intelligence Unit-India (FIU-IND) upon request or within the time frame prescribed by law.

The intention behind this requirement is to create an audit trail and to ensure that all potentially suspicious or high-value transactions are available for regulatory scrutiny. Such transparency plays a vital role in detecting and curbing illegal monetary activity.

Confidentiality of Client Information

While maintaining records and submitting transaction reports, the reporting entity must ensure the confidentiality of the client’s identity and other related details. This confidentiality is critical for protecting the privacy rights of individuals and organizations while ensuring compliance with regulatory requirements.

The Act explicitly requires that the information obtained in the course of performing obligations under the PMLA shall not be disclosed to any other party, except as required under the law. Maintaining a secure record-keeping system and limiting access to authorized personnel is a necessary compliance measure.

Duration for Which Records Are to Be Maintained

The reporting entity is required to retain transaction records and identity verification documents for five years. This five-year period is to be counted either from the date of the transaction or from the date when the business relationship between the client and the reporting entity comes to an end, whichever is later.

This requirement ensures that the authorities can retrospectively analyze transactions over a reasonable period in case of a money laundering investigation. It also aligns with international anti-money laundering (AML) standards and Financial Action Task Force (FATF) recommendations.

Procedure and Manner of Furnishing Information

Under section 15 of the PMLA, the manner and procedure for furnishing transaction information by reporting entities shall be prescribed by the Central Government. These procedures may include the format of submission, digital compliance norms, timelines, classification of transactions, and verification protocols.

This delegation to the government enables flexibility in laying down specific guidelines suited to changing economic practices, digital advancements, and new methods of laundering money. It ensures that the framework remains dynamic and responsive.

Role of the Director, Financial Intelligence Unit-India

The Director of the Financial Intelligence Unit-India is entrusted with the responsibility of receiving, analyzing, and directing further investigation based on the information submitted by reporting entities. Located in New Delhi, the Director acts under the Ministry of Finance and is empowered to enforce provisions of the PMLA with exclusive jurisdiction in matters related to financial intelligence.

The FIU-IND plays a pivotal role in analyzing data for trends, patterns, and potential threats. It also cooperates with domestic law enforcement agencies and international counterparts to fight cross-border money laundering operations.

Anti-Money Laundering Guidelines

In order to facilitate better compliance by reporting entities, the Department of Revenue issued comprehensive guidelines on anti-money laundering standards. These guidelines include prescribed formats for data maintenance, mechanisms for identification of suspicious transactions, and expected roles of designated compliance officers within organizations.

These guidelines aim to establish internal systems and controls to detect and prevent activities related to money laundering or terrorism financing. Reporting entities are expected to implement these systems and ensure internal training and awareness of relevant staff.

Due Diligence in Case of Specified Transactions

Reporting entities are required to exercise due diligence in the case of specified transactions. These transactions are considered high risk and thus require enhanced scrutiny under the provisions of the Act. The definition of ‘specified transaction’ is provided in section 12AA of the PMLA.

A specified transaction includes any transaction that involves cash deposits or withdrawals exceeding a certain threshold, foreign exchange dealings, high-value imports, or transactions otherwise notified as high risk by the Central Government. These transactions demand additional verification and documentation to establish the identity of the parties and the legitimacy of the funds.

Definition of Specified Transaction

The Act defines specified transactions to include:

  • Cash withdrawals or deposits exceeding a notified limit

  • Foreign exchange transactions above a specified amount

  • High-value imports and cross-border remittances

  • Any transaction or class of transactions prescribed by the government in the interest of national revenue, or where the risk of money laundering or terrorist financing is considered high

The inclusion of the term ‘as may be prescribed’ allows for a flexible, responsive legal framework that can adapt to emerging threats and evolving financial trends. It gives the Central Government the power to notify transactions based on the perceived risk at any point in time.

Enhanced Due Diligence for Specified Transactions

Before entering into a specified transaction, the reporting entity must carry out enhanced due diligence. This includes verifying the identity of the client through prescribed methods, examining the financial standing and ownership of the client, and recording the intent and nature of the transaction.

The enhanced due diligence process includes three key components under section 12AA(1):

  • Verification of client identity through Aadhaar authentication or other prescribed modes for individuals who are not eligible for Aadhaar

  • Detailed examination of the client’s financial background, including income sources and ownership of funds involved in the transaction

  • Collection and documentation of information regarding the purpose of the transaction and the nature of the relationship between the parties involved

These steps ensure that suspicious activities are flagged before they are completed and that there is a preventive layer to money laundering attempts, rather than a reactive approach after the funds have already moved.

Aadhaar Authentication in Enhanced Due Diligence

Wherever feasible, the reporting entity must use Aadhaar-based authentication to verify the identity of the client. However, in cases where the client is not entitled to an Aadhaar number, alternative methods as prescribed by the government may be used. The law is sensitive to the privacy rights and legal entitlements of individuals, and hence provides for flexibility in methods of identity verification.

Notifications have been issued authorizing multiple agencies to perform Aadhaar-based verification. For instance, stock exchanges, depositories, and specialized service providers like NSDL and NPCI have been assigned this task. These organizations operate under regulatory oversight and must follow strict protocols to ensure the privacy and security of client data.

Additional Steps in Enhanced Due Diligence

Apart from basic verification, the reporting entity is expected to take further steps in understanding the client’s background. These steps include:

  • Evaluating ownership structures to identify the beneficial owner

  • Assessing financial position and source of funds

  • Analyzing the economic rationale behind the transaction

  • Establishing the purpose and intended nature of the business relationship

These measures ensure that reporting entities are not merely processing transactions mechanically but are actively monitoring them to detect and prevent money laundering. This process not only protects the financial system from abuse but also builds trust and credibility in regulated markets.

Purpose of Enhanced Due Diligence

The enhanced due diligence measures aim to deter money laundering and terror financing by increasing the regulatory oversight over suspicious and high-value transactions. The idea is to make it more difficult for illegal actors to route their funds through formal financial channels by compelling entities to question and verify large or unusual transactions.

By implementing these practices, India complies with international AML and Countering Financing of Terrorism (CFT) standards, particularly those set by the Financial Action Task Force (FATF). The objective is not merely domestic compliance but also alignment with global efforts to fight illicit finance.

Prohibition on Conducting Transactions Without Compliance

Section 12AA(2) of the PMLA provides that if a client fails to fulfill the conditions of enhanced due diligence, the reporting entity shall not proceed with the specified transaction. This legal provision imposes an obligation on the entity to withhold processing or approval of the transaction unless all required verifications and inquiries are satisfactorily completed.

This clause provides a strong legal backing for reporting entities to reject business when compliance requirements are not met, thereby reducing the likelihood of being used as a conduit for money laundering. It also sends a strong message that business cannot override regulatory integrity.

Enhanced Due Diligence Measures (Section 12AA)

Under the Prevention of Money Laundering Act (PMLA), Section 12AA prescribes enhanced due diligence (EDD) requirements for reporting entities before undertaking specified transactions. These transactions include cash withdrawals and deposits exceeding a certain limit, foreign exchange transactions, high-value imports and remittances, and other transactions as may be prescribed. EDD aims to ensure that transactions are not being carried out to launder money or to finance terrorism. Under these provisions, reporting entities are required to verify the identity of the client using Aadhaar authentication, in the case of individuals, and by other modes as may be prescribed for other clients. Additionally, the purpose and intended nature of the transaction must be understood and documented. The origin of the funds must also be ascertained, particularly when the transaction involves a large sum or is deemed suspicious. If a client fails to fulfill the EDD requirements, the reporting entity must not allow the transaction to proceed. Moreover, the entity is required to increase monitoring of the relationship with the client, especially if the client is engaged in a business that presents a higher risk of money laundering. These procedures are designed to provide greater scrutiny of clients and their transactions to prevent the use of financial systems for unlawful activities.

Record Maintenance and Retention

One of the core obligations under the PMLA is that reporting entities must maintain detailed records of all transactions and client identities. These records must be retained for a minimum of five years from the date of the transaction or the cessation of the business relationship, whichever is later. The record should be sufficient to permit reconstruction of individual transactions, including the nature, amount, and date, as well as the parties involved. Further, records of identity and address proofs collected during client onboarding must also be preserved. This retention enables enforcement agencies to access historical data during investigations of money laundering activities. Maintenance of such records is essential for ensuring accountability and compliance with PMLA. The Financial Intelligence Unit – India (FIU-IND) or other designated authorities may inspect these records during audits or investigations. Non-compliance in maintaining or retaining the required documentation can lead to regulatory penalties and increased scrutiny. Accordingly, reporting entities often implement structured document management systems to facilitate quick retrieval of records and ensure audit readiness. The technological systems used must ensure data security, integrity, and confidentiality.

Confidentiality and Protection of Information

Confidentiality plays a crucial role in the functioning of reporting entities under the PMLA framework. Any information obtained or maintained during client identification or transaction monitoring must be kept confidential and should not be disclosed to any unauthorized party. Even while filing a suspicious transaction report (STR), the client should not be informed or tipped off that such a report has been submitted to the FIU. This is known as the prohibition of tipping-off, and its breach can compromise ongoing investigations and enforcement actions. Furthermore, employees handling sensitive information must be trained on data confidentiality practices. This includes limiting access to client KYC and transaction data to only those employees who need the information for official purposes. Entities are also advised to put in place internal mechanisms and firewalls to prevent unauthorized access or data leakage. The obligation to maintain confidentiality extends even after the termination of the business relationship with the client. Any breach of this duty may attract strict penalties under the PMLA and associated rules. Therefore, developing a culture of privacy and discretion within the organization is fundamental to ensuring compliance.

Reporting of Suspicious Transactions

A key aspect of PMLA compliance is the timely and accurate reporting of suspicious transactions. Suspicious Transaction Reports (STRs) are to be filed by reporting entities with the FIU-IND when they suspect that a transaction involves proceeds of crime or is related to money laundering or terrorist financing, regardless of the transaction amount. An STR must be filed within seven working days of establishing suspicion. What qualifies as suspicious includes complex or unusually large transactions, transactions that do not have an apparent economic or lawful purpose, or those that are inconsistent with the known profile of the customer. The compliance officer is typically responsible for reviewing such transactions and deciding whether they warrant an STR. Importantly, the identity of the person making the report and the report contents are kept confidential. A reporting entity is required to ensure that all relevant employees are trained to recognize red flags or indicators of suspicious activity. STRs serve as crucial intelligence for law enforcement and financial regulators in tracking illicit financial flows. Hence, reporting entities must treat the filing of STRs as a critical part of their AML framework. Failure to report suspicious transactions may result in regulatory sanctions and damage to the reputation of the reporting entity.

Maintenance of Records

Every reporting entity is required to maintain the records of all transactions, as prescribed under the PMLA, in such a manner that individual transactions can be reconstructed. These include records related to:

  • All cash transactions of the value of more than ten lakh rupees or its equivalent in foreign currency.

  • A series of cash transactions integrally connected and valued below ten lakh rupees, where such a series of transactions has taken place within a month and the aggregate value exceeds ten lakh rupees.

  • All suspicious transactions, whether or not made in cash, and by whatever mode they are carried out.

  • All cross-border wire transfers of the value of more than five lakh rupees or its equivalent in foreign currency.

The records must be maintained in a manner that allows quick retrieval of information and facilitates efficient data analysis by competent authorities. The minimum period for which the records must be retained is ten years from the date of the transaction.

Retention of Documents

Apart from maintaining records of transactions, reporting entities are also required to retain the documents obtained while establishing the identity of clients, such as KYC documents, account files, and business correspondence. These must be kept for a minimum period of five years after the business relationship is ended or the account is closed, whichever is later.

This retention requirement helps facilitate any investigation that may be conducted by law enforcement agencies. Retaining these documents also ensures that the entity can comply with any future requests by authorities for information relating to past transactions or clients.

Confidentiality and Protection

All information maintained, furnished, or verified under the PMLA by the reporting entities is kept confidential. However, such information can be disclosed:

  • For the Act;

  • Under any law;

  • As may be required by an order of a competent court.

Employees and officers of reporting entities are bound to maintain the confidentiality of the records and information they handle under the Act. Unauthorized disclosure may attract penalties under both the PMLA and other applicable laws.

Consequences of Non-Compliance

Failure to comply with the obligations laid down under the PMLA can have serious consequences. These include:

  • Monetary penalty: The Director of FIU-IND may impose a fine of up to one lakh rupees for each failure to comply with the obligations under the Act.

  • Direction to take corrective action: In addition to imposing penalties, authorities may direct the reporting entity to take specific actions to rectify any deficiencies.

  • Enhanced scrutiny and inspections: Repeated failures or serious breaches can lead to enhanced scrutiny by regulators, including special audits or inspections.

  • Criminal liability: In cases where non-compliance is deliberate and intended to facilitate money laundering, criminal prosecution may also be initiated.

Oversight by Regulators

Regulators such as the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Insurance Regulatory and Development Authority (IRDA), and others are empowered to monitor and enforce compliance with the obligations under the PMLA. They may issue circulars, guidelines, and compliance instructions specific to the entities they regulate.

Reporting entities are expected to align their internal policies and procedures with these sectoral guidelines. Regular internal audits, training programs for staff, and periodic compliance assessments are considered best practices to ensure ongoing compliance.

Technological Measures

With the increasing reliance on digital systems and online platforms, reporting entities are encouraged to use technological tools to:

  • Monitor customer transactions in real-time;

  • Generate automatic alerts for suspicious activities;

  • Maintain secure databases for storing KYC and transaction records;

  • Facilitate online reporting to FIU-IND.

These systems should be capable of identifying patterns and anomalies that might indicate potential money laundering activities. Cybersecurity protocols must also be in place to ensure the integrity and confidentiality of the data.

Conclusion

The Prevention of Money Laundering Act (PMLA) imposes significant responsibilities on reporting entities to detect and prevent money laundering. These responsibilities span from customer due diligence and transaction monitoring to record-keeping and prompt reporting. Failure to comply can lead to regulatory penalties, reputational damage, and even criminal prosecution.

To discharge these duties effectively, reporting entities must invest in robust compliance frameworks, ongoing employee training, and advanced technology solutions. A proactive and structured approach not only ensures legal compliance but also strengthens the integrity of the financial system and helps build public trust.