Free Invoice Generator – Luzenta

The Prevention of Money Laundering Act (PMLA) imposes a legal obligation on every reporting entity to maintain specific records and report prescribed transactions to the authority designated under the Act. According to Section 12 of the PMLA, this authority is referred to as the Director, who may be appointed as the Director, Additional Director, Joint Director, Deputy Director, or Assistant Director under the PMLA framework. These authorities are granted various enforcement and supervisory powers under the Act.

The Financial Intelligence Unit – India (FIU-IND), functioning under the Ministry of Finance, is the agency responsible for receiving and analyzing information from reporting entities under the Act. It plays a central role in ensuring compliance with the statutory requirements laid out in the PMLA.

Definition of Reporting Entity Under PMLA

The PMLA defines a reporting entity as including banking companies, financial institutions, intermediaries, or persons engaged in designated businesses or professions, as laid down in Section 2(wa) of the Act. A banking company for the PMLA includes not only traditional banks governed by the Banking Regulation Act, 1949, but also cooperative banks and banking institutions referenced in Section 51 of the same Act. This inclusion ensures that even cooperative banks, which typically fall outside the conventional definition of a banking company, are brought within the regulatory scope of the PMLA.

Verification of Identity Using Aadhaar and Other Notified Documents

A critical responsibility of reporting entities involves the verification of the identity of clients or beneficial owners. The verification may be conducted using an Aadhaar number on an optional basis or through a passport or any other document notified by the government. This requirement is aligned with Section 11A of the PMLA, introduced with effect from 25 July 2019. To facilitate this, several authorities and entities have been authorized to act as reporting entities for Aadhaar authentication purposes. These include institutions like BSE, NSDL, and CDSL, as notified under relevant government notifications.

NSDL e-Governance Infrastructure Limited has been specifically notified to undertake Aadhaar authentication services by the provisions of the Aadhaar Act. The National Payments Corporation of India (NPCI) has also been authorized to act as a reporting entity for Aadhaar authentication.

Aadhaar Authentication via e-KYC Setu System

A system called the e-KYC Setu has been introduced to streamline the authentication of Aadhaar information. This system, managed by NPCI, allows a reporting entity to verify the identity of a client or beneficial owner without obtaining direct access to the full Aadhaar number of the individual. NPCI is responsible for ensuring that Aadhaar authentication is carried out by the regulations of the Unique Identification Authority of India (UIDAI). Upon successful authentication, NPCI shares only the last four digits of the Aadhaar number along with demographic details, digitally signed, with the reporting entity. These details are then used by the reporting entity to confirm the identity of the client.

A list of all entities onboarded for authentication through e-KYC Setu is maintained by NPCI. Before onboarding, NPCI ensures that the entity fulfills all regulatory requirements and possesses the necessary clearance to carry out financial activities for which identity authentication is required.

Inclusion of Persons Carrying on Designated Business or Profession

The PMLA extends its coverage to individuals and organizations engaged in designated businesses or professions. Section 2(1)(sa) of the Act outlines the scope of this inclusion. It encompasses a variety of entities and professionals involved in financial transactions or activities susceptible to money laundering. These include individuals engaged in games of chance such as casinos, inspectors general of registration under the Registration Act, real estate agents, dealers in precious metals and stones, and persons involved in safekeeping or administration of cash and liquid securities.

Multi-State Cooperative Societies have been designated as entities carrying on designated business or profession through a government notification. Real estate agents, as defined under the Real Estate (Regulation and Development) Act, 2016, with turnover exceeding Rs 20 lakhs, are also included in this category. Dealers in precious metals or stones engaging in cash transactions exceeding Rs 10 lakhs likewise fall within the definition.

Inclusion of Virtual Digital Asset Businesses and Professionals

The scope of reporting entities has been broadened further to include businesses dealing with virtual digital assets. A specific notification classifies such businesses under Section 2(1)(sa)(vi) of the PMLA, thereby mandating them to maintain records and report transactions to the Director. Additionally, professionals such as Chartered Accountants, Cost Accountants, and Company Secretaries conducting certain financial transactions on behalf of clients are also designated as reporting entities.

These transactions include buying or selling immovable property, managing client assets, managing bank or securities accounts, organizing contributions for business entities, and creating or managing companies, LLPs, or trusts. Even transactions involving the buying and selling of business entities are included. These obligations have been established through government notifications to ensure comprehensive regulation of professionals handling significant financial operations.

Notification of Persons Involved in the Formation and Management of Companies

Further clarification has been provided through notifications to include individuals acting on behalf of others in company or LLP formation and management under the PMLA. Such individuals may be agents, directors, secretaries, trustees, or nominee shareholders acting for another person. These roles are recognized as significant in preventing misuse for money laundering purposes.

There are specific exclusions to this categorization to avoid overregulation. These exclusions include individuals involved in property lease agreements where income is subject to tax deduction under Section 194-I of the Income Tax Act, employees performing duties on behalf of their employers, and professionals merely engaged in filing company formation declarations under Section 7(1)(b) of the Companies Act, 2013.

Regulatory Authority and Oversight Mechanism

To regulate these entities and enforce compliance, the Director of the Financial Intelligence Unit, India, has been designated as the regulator. This is specified under Explanation 2 inserted by the government in 2023. The regulatory structure ensures that all designated reporting entities fulfill their responsibilities under the Act, including the maintenance of records and reporting of suspicious or specified transactions.

The Central Board of Indirect Taxes and Customs (CBIC) is also designated as an authority under Rule 2(1)(fa) of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005. This expands oversight capacity and ensures compliance across a broader range of financial and business entities.

Definition and Role of Intermediaries as Reporting Entities

The term ‘intermediary’ under the PMLA includes a range of entities involved in the securities market and financial advisory services. These include stockbrokers, share transfer agents, merchant bankers, registrars, underwriters, portfolio managers, investment advisers, and other SEBI-registered intermediaries. It also includes entities associated with the Forward Contracts Regulation Act, intermediaries appointed by the Pension Fund Regulatory and Development Authority (PFRDA), and recognized stock exchanges. The inclusion of such a broad category ensures that capital market activities are monitored for potential money laundering risks.

Role of Payment System Operators as Financial Institutions

The definition of a financial institution under the PMLA includes payment system operators. These operators are defined as individuals or organizations that manage a payment system, including their overseas principals. A payment system refers to a setup that enables the transfer of funds between a payer and a beneficiary. It includes systems that handle credit card, debit card, smart card, and money transfer operations.

By including payment systems within the scope of financial institutions, the PMLA attempts to prevent the misuse of electronic and digital platforms for laundering illicit funds. This ensures that the entire spectrum of modern financial transactions is regulated under the Act.

Under Section 12(1) of the Prevention of Money Laundering Act, every reporting entity is required to maintain records of all transactions that fall under a specified nature and value. These may consist of a single transaction or a series of transactions that are integrally connected. This provision intends to ensure that transactions that may potentially relate to money laundering are adequately documented and available for scrutiny by the designated authorities. This requirement applies uniformly to all entities classified as reporting entities under the Act, including banks, financial institutions, intermediaries, and designated professionals.

The nature and value of transactions that must be recorded are prescribed by the Central Government through rules made under the Act. The information must be reported to the Director of the Financial Intelligence Unit-India (FIU-IND) within the timeline prescribed under the relevant rules. The details of the transactions, once recorded and reported, are to be treated with strict confidentiality. This confidentiality obligation applies to both the content of the transactions and the identity of the clients involved.

Duration for Maintaining Records by Reporting Entities

According to Section 12(3) of the PMLA, the reporting entity is required to maintain the records for five years. This period begins either from the date of the transaction or from the date of cessation of the business relationship with the client, whichever is later. The purpose of this extended retention period is to facilitate ongoing monitoring and retrospective investigation, should the need arise. The retention of these records ensures that the reporting entity can support law enforcement authorities in identifying trends, verifying client history, and tracing the movement of funds that may be connected to unlawful activities.

Procedure for Furnishing Information to the Director

The manner and procedure for furnishing the transaction information to the Director of FIU-IND is to be prescribed by the Central Government under Section 15 of the Act. The FIU-IND has been designated as the nodal agency to receive such information and exercise exclusive powers in this regard. The reporting entity must submit the information in the prescribed format and within the prescribed timelines to avoid penalties under the Act. The agency responsible for implementing these provisions is headquartered in New Delhi and operates under the Ministry of Finance.

Anti-Money Laundering Guidelines by the Department of Revenue

The Department of Revenue has issued anti-money laundering guidelines to aid reporting entities in complying with their legal responsibilities. These guidelines provide practical steps for record maintenance, risk assessment, client verification, suspicious transaction reporting, and internal compliance mechanisms. These rules serve to complement the statutory provisions of the PMLA and ensure consistency in the interpretation and implementation of compliance obligations across the financial sector.

Obligation to Exercise Due Diligence for Specified Transactions

Section 12AA of the PMLA, inserted with effect from 1 August 2019, mandates reporting entities to exercise due diligence in respect of certain specified transactions. The reporting entity must adopt measures to verify client identity, understand the source of funds, and determine the rationale behind the transaction. These due diligence requirements are particularly important for transactions considered high risk or of significant value. The goal is to mitigate the risk of laundering proceeds from criminal activities, including terrorism financing.

The specified transactions under this section include cash deposits or withdrawals above a specified limit, high-value foreign exchange transactions, large-scale imports or remittances, and other categories that may be notified by the government from time to time in the interest of revenue or national security. The phrase “as may be prescribed” applies to all such transactions, giving the government flexibility to expand or modify the scope based on emerging threats.

Enhanced Due Diligence for High-Risk Transactions

Before undertaking any specified transaction, reporting entities are required to ensure enhanced due diligence measures. This includes verifying the identity of the client through Aadhaar authentication under the Aadhaar Act or by other means if the individual is not eligible for Aadhaar. The verification must be performed under the procedures and safeguards prescribed under the law.

In addition to identity verification, reporting entities must examine the ownership structure of the client and assess their financial position. This involves determining the source of funds used in the transaction and obtaining additional documentation if necessary. The purpose behind the transaction must also be identified and recorded to ensure that the parties involved are not engaging in transactions with illicit objectives. These measures help the reporting entity identify suspicious patterns and prevent misuse of financial services.

Aadhaar Authentication by Designated Authorities

Various regulatory and financial authorities have been authorized to carry out Aadhaar authentication for client verification. These include stock exchanges, depositories, and other financial service providers. Notifications have been issued to bring these entities within the ambit of reporting entities for Aadhaar-based verification under Section 11A of the PMLA. The NSDL e-Governance Infrastructure Limited and the National Payments Corporation of India have been empowered to perform Aadhaar authentication through a secure process that maintains data confidentiality.

Further, the Reserve Bank of India has issued notifications empowering certain companies to authenticate Aadhaar numbers. These steps reinforce the government’s commitment to utilizing digital infrastructure for ensuring effective compliance under the PMLA.

E-KYC Setu System for Confidential Aadhaar Verification

The e-KYC Setu system introduced by the National Payments Corporation of India offers a secure method for Aadhaar verification. This system ensures that while authentication is performed using the Aadhaar number, the full Aadhaar number is not disclosed to the reporting entity. The NPCI transmits only the last four digits of the Aadhaar number along with demographic data, all digitally signed, to the reporting entity. This method ensures privacy protection while facilitating compliance with enhanced due diligence requirements.

NPCI also maintains a registry of all entities onboarded for Aadhaar authentication through e-KYC Setu. It is responsible for ensuring that each entity meets all regulatory requirements, including licensing and financial conduct compliance, before being permitted to use the system for identity verification.

Record Keeping and Reporting Obligations Apply Across Entities

The PMLA’s record-keeping and reporting obligations apply not only to traditional banks and financial institutions but also to professionals, intermediaries, payment operators, and digital asset businesses. The Act adopts a broad approach to ensure that all sectors potentially vulnerable to money laundering are brought under regulatory oversight. This inclusive strategy extends to real estate professionals, jewellers, cryptocurrency service providers, and even those involved in the formation of business entities or trusts.

This framework reflects the government’s intention to adopt a comprehensive approach to prevent the movement and integration of illicit funds into the legal economy. Every reporting entity, regardless of its size or function, is expected to establish internal processes for monitoring, verifying, and reporting financial transactions as per the standards prescribed under the PMLA.

Suspension of Transactions When Due Diligence Conditions Are Not Met

Under Section 12AA(2) of the PMLA, a reporting entity is not permitted to carry out a specified transaction if the client fails to satisfy the conditions of enhanced due diligence. This legal mandate ensures that transactions of a suspicious or high-risk nature are not processed in the absence of adequate verification and background checks. If a client is unable or unwilling to comply with the identification procedures, the reporting entity must refuse to initiate or complete the transaction.

Procedure for Furnishing Information by Reporting Entities

Reporting entities under the Prevention of Money Laundering Act (PMLA) are mandated to furnish specific information to the Financial Intelligence Unit – India (FIU-IND). The obligation to report is aimed at enabling the FIU to identify, track, and prevent illicit financial activities, including money laundering and terrorism financing.

Nature of Reports to be Submitted

There are various categories of reports that reporting entities must submit, including:

• Cash Transaction Reports (CTRs): Any single or series of connected cash transactions valued at more than ₹10 lakh in a month.

• Suspicious Transaction Reports (STRs): Transactions that raise red flags due to their unusual nature, lack of clear economic rationale, or potential links to criminal activities.

• Non-Profit Organization Transaction Reports (NTRs): Transactions involving non-profit organizations above prescribed thresholds.

• Cross Border Wire Transfer Reports (CBWTRs): Transfers of funds exceeding ₹5 lakh to or from foreign jurisdictions.

• Counterfeit Currency Reports (CCRs): Transactions involving counterfeit Indian currency notes.
  

Reporting Format and Medium

The FIU-IND provides specific formats for each report type. These formats are accessible through the FINnet Gateway, an online portal designed to streamline and secure the reporting process. Reporting entities are required to register on this portal to submit reports electronically. Each reporting category has a specific XML schema and validation mechanism to ensure consistency and accuracy.

• Reports should be digitally signed.

• The data should conform to the prescribed formats and guidelines issued by FIU-IND.

• Reporting must be done electronically through secure channels, typically using the FINnet gateway or approved utility software provided by FIU.
  

Timelines for Submitting Reports

Different reporting obligations have specific submission timelines:

• CTRs: Within 15 days from the end of the month in which the transaction occurred.

• STRs: Promptly, but no later than 7 working days from when the transaction is classified as suspicious.

• NTRs, CBWTRs, CCRs: Usually within 15 days from the end of the month in which the transaction occurs.
  

Failure to comply with the timelines may result in penalties and regulatory action from the Director, FIU-IND.

Record Maintenance Obligations

Reporting entities are also obligated to maintain and preserve:

• Transaction records for five years from the date of the transaction.

• Records of the identity and address of clients obtained through the Know Your Customer (KYC) process for five years after the business relationship has ended or the account has been closed.

• Records of the information furnished to FIU-IND in electronic form to facilitate auditing and inspection by regulatory authorities.
  

Maintaining such records is essential for enabling authorities to reconstruct individual transactions, detect patterns of money laundering, and provide evidence in court proceedings.

Client Confidentiality vs. Reporting Obligations

Reporting suspicious or high-value transactions to the authorities does not constitute a breach of client confidentiality under Indian law. The PMLA provides reporting entities with immunity from civil or criminal liability when they report such information in good faith. This legal protection enables entities to comply with their obligations without fear of legal repercussions from clients.

Quality and Completeness of Reports

FIU-IND expects that all reports:

• They are complete and accurate.

• Contain all essential information such as customer identification data, transaction details, and any associated entities.

• They are free from clerical or system errors that may render them unusable for analysis.
  

Entities must conduct internal validations before submission and adhere to any corrective instructions issued by FIU.

Enforcement and Penalties for Non-Compliance

Authority to Enforce Compliance

Under the Prevention of Money Laundering Act (PMLA), the Director of the Financial Intelligence Unit (FIU-IND) or any officer authorized by the Director has the power to ensure compliance by reporting entities. These powers include the authority to:

• Call for information and records.

• Conduct audits or inspections of reporting entities.

• Issue directions to ensure proper adherence to the obligations under the Act.
  

The enforcement mechanisms are designed to maintain the integrity and reliability of the anti-money laundering framework in India.

Penalties for Default

If a reporting entity or any of its designated directors, officers, or employees fails to comply with obligations under Chapter IV of the PMLA (which covers reporting, record keeping, verification, etc.), they are subject to monetary penalties as laid down in Section 13 of the Act.

The penalties may include:

• A monetary fine ranging from ₹10,000 to ₹1,00,000 per failure.

• Directions to undertake specific corrective actions.

• Issuance of a warning.

• Instructions to conduct internal audits or enhance compliance systems.
  

The adjudication process involves allowing the entity to be heard. However, continued non-compliance can result in more serious consequences, including referral to the relevant regulator for further action or suspension of operations.

Appeals and Legal Recourse

A reporting entity aggrieved by any order passed by the Director, FIU-IND, can file an appeal with the Appellate Tribunal under Section 26 of the PMLA. The appeal must be filed within 45 days of the date of the order. The tribunal has the power to confirm, modify, or set aside the order after hearing both parties.

Role of Regulatory Authorities

The Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Insurance Regulatory and Development Authority of India (IRDAI), and other regulatory bodies also play a supervisory role for entities under their jurisdiction. These regulators issue detailed guidelines to strengthen anti-money laundering and counter-terrorist financing (AML/CFT) frameworks.

Reporting entities are required to adhere to sector-specific KYC and AML norms in addition to PMLA obligations. Non-compliance may attract regulatory penalties or restrictions imposed by these authorities.

Whistleblower Protection

Employees of reporting entities who report suspected money laundering activities or non-compliance within their organizations are protected under internal grievance and whistleblower frameworks. These protections are aligned with guidance from regulators and international best practices to ensure that internal reporting is encouraged and safeguarded.

Conclusion

The PMLA imposes extensive obligations on reporting entities to identify, verify, monitor, and report transactions that may involve the proceeds of crime. Compliance is not just a legal formality but a crucial mechanism in India’s fight against financial crime and terrorism financing. Entities must implement robust internal systems, train their personnel, ensure timely reporting, and actively cooperate with regulators and enforcement agencies. Failure to do so can result in severe penalties and reputational damage.