India Notifies Prevention of Money Laundering (Maintenance of Records) Amendment Rules, 2023

Posted by Written by Naina Bhardwaj Reading Time: 7 minutes

Anti-money laundering (AML) provisions in India are imposed on companies, banks, crypto exchanges, foreign portfolio investors, trusts, and NGOs, among others. We discuss which categories of persons and types of entities need to comply with AML regulation in India, what are the key reporting obligations, and best practices to follow.

The Prevention of Money Laundering Act (PMLA), 2002 and its accompanying rules (PML Rules) serve as the primary legal framework for the prosecution of money laundering in India.

Recently in a notification dated March 7, 2023, the Prevention of Money Laundering (Maintenance of Records) Amendment Rules, 2023 were introduced by the Department of Revenue under the Ministry of Finance. These rules require reporting entities like financial institutions, banking companies, or intermediaries to disclose beneficial owners in addition to the current KYC requirements through documents like registration certificates and PAN (Permanent Account Number).

What are the recent amendments to PMLA, 2002?

Politically exposed person

The amendment rules have introduced a new clause, which defines “Politically Exposed Persons” (PEPs) as individuals who have been “entrusted with prominent public functions by a foreign country, including the heads of States or Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials”.

Beneficial ownership

In line with existing provisions of The Income-Tax Act, 1961 and The Companies Act, the amended rules have now lowered the threshold for identifying beneficial owners by reporting entities, where the client is acting on behalf of its beneficial owner. Earlier, definition of “beneficial owner” included, among other things, the ownership of or right to more than 25 percent of the company’s shares, capital, or profits. This threshold of 25 percent has been lowered to 10 percent, bringing more indirect players into the reporting net. The amendments require “reporting entities”- banks, other financial institutions, and businesses operating in the real estate and jewelry industries – to gather data on each person or organization that has a 10 percent ownership in their clients.

Non-profit organization

The definition of “non-profit organization” has been expanded, which will now include any entity or organization constituted for religious or charitable purposes referred to in Section 2(15) of the Income-tax Act, 1961; or registered as a trust or a society under the Societies Registration Act, 1860 or any similar state legislation; or a company registered under Section 8 of the Companies Act, 2013.

If the client is a non-profit organization, reporting entities must also register the client’s information on the NITI Aayog’s DARPAN portal.

Due diligence and documentation

The necessary due diligence documentation has now expanded beyond just getting the fundamental KYCs of clients, such as registration certificates, PAN copies, and documents of officers with the authority to act on their behalf. Depending on the legal structure of the firm, it now also involves the submission of information, such as the names of those in top management positions, partners, beneficiaries, trustees, settlors, and writers. Moreover, clients must now provide information about their registered office and primary place of business to financial institutions, banks, or intermediaries.

Cryptocurrency and virtual digital assets (VDAs)

The new rules have brought crypto currency and VDAs under the ambit of anti-money laundering law (AML) where crypto exchanges and intermediaries dealing with virtual digital assets will now be required to perform KYC of their clients and users of the platform.

As per new rules, an entity dealing in VDAs will now be considered a ‘reporting entity’ under the PMLA.

Which authorities investigate and prosecute anti-money laundering offences in India?

At the federal level, the Directorate of Enforcement (ED) is the principal legal entity in charge of looking into and prosecuting money laundering offences under the PMLA.

The ED comes under the Department of Revenue within the Ministry of Finance. It has the authority to initiate proceedings for the seizure of property as well as proceedings in the designated Special Court for money laundering crimes.

The Financial Intelligence Unit – India (FIU-IND), which is a part of the Department of Revenue and Ministry of Finance, is the primary national body in charge of collecting, processing, assessing, and disseminating data about suspicious financial transactions to law enforcement authorities and foreign FIUs.

Apart from the ED and FIU, regulators like the Reserve Bank of India (RBI), Securities & Exchange Board of India (SEBI), and Insurance Regulatory & Development Authority of India (IRDAI) are empowered to handle matters relating to money laundering activities and establish AML standards.

  • SEBI: The SEBI has published comprehensive KYC standards and guidelines for financial intermediaries and investors in the securities sector.
  • RBI: The central bank has established KYC and AML requirements for banks and other financial institutions under its regulation.
  • IRDAI: IRDAI has established specific and mandatory AML regulations for certain classes of insurers in order to combat the financing of terrorism.
  • Economic Offences Wing, Central Bureau of Investigation (CBI): The CBI is a specialized police organization that’s been established to investigate certain kinds of crimes, such as crimes involving public officials who have engaged in corruption, significant economic offences, fraud, and crimes that have implications for the country or multiple states.
  • Income Tax Department: This department has the authority to impose taxes on undisclosed foreign income and assets held by Indian residents to prevent the crime of money laundering.
  • Registrar of Companies (RoC): As per the new requirement under the Companies Act 2013, every Indian company, whether private and public, is mandated to file with the RoC a record of the company’s significant beneficial owners (in eForm MGT-6).

How to comply with anti-money laundering regulations in India?

As a designated service provider, businesses must guarantee that they have a stringent AML policy in place. The following steps can inform a strong AML policy:

  • Policies, practices, and controls relating to money laundering and terrorism financing.
  • Transaction monitoring, with a focus on high-risk accounts; consumer identity verification; customer profiling utilizing risk categorization; and regular customer reviews.
  • A well-managed AML program has adequate systems and controls, role-divided tasks, and training, among other things.
  • Internal audits to monitor, investigate, and confirm compliance with anti-money laundering and countering financing of terrorism policies and procedures.
  • Hiring a compliance officer with the necessary credentials to oversee the AML program.

What are the anti-money laundering reporting obligations for businesses in India?

As a designated service provider, a company is required to notify FIU-IND of certain purchases and suspicious activity. Notable ongoing reporting responsibilities are:

  • Suggested suspicious transaction report (STR): This report must be filed within seven days after determining that a transaction—cash or non-cash—or a string of transactions—regardless of how they are connected—is suspicious.
  • By the 15th of the month following the month in which they were generated, reports on cash transactions must be submitted to FIU-IND. Any cash transactions involving a sum of more than INR 1 million should be notified to the relevant authorities.
  • Counterfeit currency report (CCR): If fake or stolen Indian currency is used, the Principal Officer must immediately alert the FIU-IND and the relevant Indian police department.
  • Non-profit transaction reports (NTRs): NTRs are necessary for any purchases made by non-profit organizations involving the receipt of more than INR 1 million.
  • Records need to be retained for at least 10 years after the transaction or business relationship has concluded.

SEBI Checklist for Anti-Money Laundering in India

One-time compliance

Rolling / continuous compliance

  • Appointment of Principal Officer


  • Undertaking audit trail using company information


  • Record of transactions as per the rules


  • Undertaking due diligence for customer


  • Periodic review of the policies internally


  • Conducting client identification



  • Identification of risk sensitive customers


Procedure for AML compliance

Step 1: Introduction

To transact with a bank, a customer or client must either open an account or speak with the bank representative. This is regarded as the customer engagement process, which is a crucial component of the framework for risk management.

Step 2: Documentation/customer due diligence

The bank asks for crucial paperwork during this step. The customer is required to give the bank the bare minimum of paperwork in this situation.

The bank or financial institution may request more documents if it determines it’s necessary to do so. If the bank has a reasonable cause to believe that the customer or transaction entails a significant amount of risk, it will in this case conduct additional due diligence.

Step 3: Procedure

According to the category the business falls under, specific AML compliance requirements must be followed, and the bank will take appropriate action.

Who Are Subject to AML Compliance in India?

  • Individuals
  • Non face-to-face customers
  • Politically exposed persons outside India
  • Companies
  • Partnership firms
  • Trusts
  • NGOs
  • Foreign portfolio investors
  • Beneficial owners

Step 4: Updating AML/KYC compliance

For consumers with a high-risk profile, the AML compliance must be updated at least once every two years. The KYC must be updated every eight years for consumers with a medium risk profile and every ten years for customers with a low risk profile. For low-risk consumers, new papers are not required to be submitted at the time of upgrading.

Step 5: Failure to follow anti-money laundering regulations

For non-compliance, banks or other financial institutions may initiate following measures:

  • Put individual accounts on hold.
  • Partial account freezing. These accounts will be unfrozen, though, if clients abide by the rules.
  • In the event that the aforementioned requirements are still not followed, banks are free to close the accounts.

Step 6: Maintaining documentation

The bank or other financial institution must keep records of transactions with a specific value. For the purpose of records management, the following transactions must be preserved.

  • Business dealings with a value of INR 1 million or more. This could be in a different currency.
  • A series of interconnected transactions with a monetary value of at least INR 1 million.
  • Suspicious transactions made over wire transfers.
  • Any transactions involving forged currency or counterfeit banknotes.
  • Transactions that include receiving more than INR 1 million in funding from a non-profit organization.

Step 7: Documentation and records preservation

Banks and financial institutions are required to keep records for a minimum period of five years after the initial transaction under the PML Amendment Act of 2012.

Banks can keep client records in both physical copy and digital form. Any odd transaction involving a convoluted series of events must be reported to the bank’s senior officer or the money laundering officer.

Step 8: Reporting

In accordance with the provisions of the PML (Maintenance of Records) Rules, 2005, all transactions that take place in non-governmental organizations (NGOs) must be reported. In addition, banks must report transactions involving trusts and other types of societies. Transactions must be reported to the Director of FIU-IND, which must receive the related reports.

What are the documents required for AML compliance in India?

Documents Required for AML Compliance

KYC documentation

Electronic KYC documentation


Official valid documents

Individual voter ID

Aadhaar card

Pan card

Utility Bill of the individual which is for two months with the provider

Receipts such as municipal tax

PPO (Pension Payment Order documents).

Letter issued by Gazette officer with photograph of the individual

For companies/partnerships


Certificate of Incorporation (CoI) of the company

Partnership deed

Resolutions of directors

This article was originally published on March 9, 2023. It was updated for clarification on March 10, 2023.

About Us

India Briefing is produced by Dezan Shira & Associates. The firm assists foreign investors throughout Asia from offices across the world, including in Delhi and Mumbai. Readers may write to for more support on doing business in in India.

We also maintain offices or have alliance partners assisting foreign investors in Indonesia, Singapore, Vietnam, Philippines, Malaysia, Thailand, Italy, Germany, and the United States, in addition to practices in Bangladesh and Russia.