India Amends Anti-Money Laundering Law to Include Accounting Professionals, Company Representatives like Directors

Posted by Written by Naina Bhardwaj Reading Time: 9 minutes

Anti-money laundering (AML) regulations in India apply to a range of entities, such as companies, banks, crypto exchanges, foreign portfolio investors, trusts, and NGOs. India recently made changes to its AML law to expand the scope of reporting entities to include company representatives (directors, etc.), banking intermediaries, financial companies, as well as accountancy professionals, such as Chartered Accountants and Company Secretaries.

In this article, we discuss which individuals and entities are subject to AML regulations in India, list the essential reporting requirements, and provide guidance on recommended best practices. India revises the scope of its anti-money laundering regulations from time to time. Foreign entities and professional service providers should be alert to any changes in the application of these reporting obligations. 

The Prevention of Money Laundering Act (PMLA), 2002 and its accompanying rules (PML Rules) serve as the primary legal framework for the prosecution of money laundering in India.

AML compliance in India: Who needs to follow anti-money laundering regulations

As of May, 2023, the following entities are subject to AML Compliance in India:

Entities Subject to AML Compliance in India


Beneficial owners

Companies and all individuals helping in the formation of a company, including those acting as a director, secretary or proxy nominee director.


Non face-to-face customers

Partnership firms


Foreign portfolio investors


Politically exposed persons outside India

Banking intermediaries and financial companies

Intermediaries in the crypto ecosystem, such as crypto exchanges, wallets, service providers

Accounting professionals including CA, CS, CWA


Expansion of PMLA scope to include company representatives, directors

According to a notification released on May 9, 2023 the Indian government has further extended the reach of the PMLA to include all individuals helping in the formation of a company, including those acting as a director, secretary or proxy nominee director.
The law now also includes individuals who provide registered offices, business addresses, accommodations, correspondence, or administrative addresses for companies, limited liability partnerships, or trusts.

Accounting professionals brought under the scope of money laundering

On May 3, 2023, the government made further revisions to the PMLA, 2002. The changes broaden the money laundering law’s application to include practicing chartered accountants (CA), company secretaries (CS), and cost and works accountants (CWA) who conduct financial transactions on behalf of their clients. However, the updated definition of covered entities under the PMLA does not include lawyers and legal professionals.

The revised regulations will now require CA, CS, and CWA professionals to undergo the Know Your Company (KYC) process before starting any work on behalf of their clients. This indicates that accountants will now be considered reporting entities if they manage their clients’ finances. As per the notification, accountants are required to carry out due diligence on their clients’ ownership and financial status, along with the sources of their funds, and also document the transaction’s purpose.

Background: Inclusion of accounting professionals under PMLA in response to Chinese app scam

The recent changes to the PMLA, 2002 were made in response to the Chinese apps scam, where some accounting professionals assisted in setting up shell companies for these apps. These professionals used their office address to register these shell companies and even became directors, with some having access to their bank accounts.

Some of these Chinese apps offered instant loans, which many individuals found tempting. Unfortunately, personal data of the loan recipients was compromised and shared with other apps, including gaming apps.

To prevent such scams, accountants are now required to perform due diligence on their clients’ ownership, financial status, and source of funds, as well as document the transaction’s purpose.

The Indian government has taken legal action against some of the professionals involved and referred them to the Institute of Chartered Accountants of India for disciplinary action.

Which financial activities carried out by accounting professionals in India are covered by the PMLA?

  • Buying and selling any immovable property.
  • Managing client money, securities, or other assets.
  • Management of bank, savings, or securities accounts.
  • Organization of contributions for the creation, operation, or management of companies.
  • Creation, operation, or management of companies, limited liability partnerships or trusts, and buying and selling of business entities.

PML (Maintenance of Records) Amendment Rules, 2023

Earlier in March, 2023, the Prevention of Money Laundering (Maintenance of Records) Amendment Rules, 2023 were introduced by the Department of Revenue under the Ministry of Finance. These rules widened the ambit of reporting entities under money laundering provisions to incorporate more disclosures for non-governmental organisations and defined politically exposed persons (PEPs) under the PMLA in line with the recommendations of the FATF.

The new rules require reporting entities like financial institutions, banking companies, or intermediaries to disclose beneficial owners in addition to the current KYC requirements through documents like registration certificates and PAN (Permanent Account Number).

What are the recent amendments to PMLA, 2002?

Politically exposed person

The amendment rules have introduced a new clause, which defines “Politically Exposed Persons” (PEPs) as individuals who have been “entrusted with prominent public functions by a foreign country, including the heads of States or Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials”.

Beneficial ownership

In line with existing provisions of The Income-Tax Act, 1961 and The Companies Act, the amended rules have now lowered the threshold for identifying beneficial owners by reporting entities, where the client is acting on behalf of its beneficial owner. Earlier, definition of “beneficial owner” included, among other things, the ownership of or right to more than 25 percent of the company’s shares, capital, or profits. This threshold of 25 percent has been lowered to 10 percent, bringing more indirect players into the reporting net. The amendments require “reporting entities”- banks, other financial institutions, and businesses operating in the real estate and jewelry industries – to gather data on each person or organization that has a 10 percent ownership in their clients.

Non-profit organization

The definition of “non-profit organization” has been expanded, which will now include any entity or organization constituted for religious or charitable purposes referred to in Section 2(15) of the Income-tax Act, 1961; or registered as a trust or a society under the Societies Registration Act, 1860 or any similar state legislation; or a company registered under Section 8 of the Companies Act, 2013.

If the client is a non-profit organization, reporting entities must also register the client’s information on the NITI Aayog’s DARPAN portal.

Due diligence and documentation

The necessary due diligence documentation has now expanded beyond just getting the fundamental KYCs of clients, such as registration certificates, PAN copies, and documents of officers with the authority to act on their behalf. Depending on the legal structure of the firm, it now also involves the submission of information, such as the names of those in top management positions, partners, beneficiaries, trustees, settlors, and writers. Moreover, clients must now provide information about their registered office and primary place of business to financial institutions, banks, or intermediaries.

Cryptocurrency and virtual digital assets (VDAs)

The new rules have brought crypto currency and VDAs under the ambit of anti-money laundering law (AML). As per new rules, an entity dealing in VDAs will now be considered a ‘reporting entity’ under the PMLA. The amendment will require intermediaries in the crypto ecosystem, such as crypto exchanges, wallets, and other service providers, to establish and implement PMLA measures and systems. These measures include conducting KYC checks during customer onboarding, retaining customer data for a specified period, monitoring and reporting suspicious transactions, and having policies for tracking transactions.

The transactions related to cryptocurrency and VDAs which are covered by the PMLA now include:

  • Converting virtual digital assets into fiat currencies and vice versa
  • Exchanging one or more forms of virtual digital assets
  • Transferring virtual digital assets
  • Securely storing or managing virtual digital assets
  • Providing financial services related to the sale of virtual digital assets by an issuer

Which authorities investigate and prosecute anti-money laundering offences in India?

At the federal level, the Directorate of Enforcement (ED) is the principal legal entity in charge of looking into and prosecuting money laundering offences under the PMLA.

The ED comes under the Department of Revenue within the Ministry of Finance. It has the authority to initiate proceedings for the seizure of property as well as proceedings in the designated Special Court for money laundering crimes.

The Financial Intelligence Unit – India (FIU-IND), which is a part of the Department of Revenue and Ministry of Finance, is the primary national body in charge of collecting, processing, assessing, and disseminating data about suspicious financial transactions to law enforcement authorities and foreign FIUs.

Apart from the ED and FIU, regulators like the Reserve Bank of India (RBI), Securities & Exchange Board of India (SEBI), and Insurance Regulatory & Development Authority of India (IRDAI) are empowered to handle matters relating to money laundering activities and establish AML standards.

  • SEBI: The SEBI has published comprehensive KYC standards and guidelines for financial intermediaries and investors in the securities sector.
  • RBI: The central bank has established KYC and AML requirements for banks and other financial institutions under its regulation.
  • IRDAI: IRDAI has established specific and mandatory AML regulations for certain classes of insurers in order to combat the financing of terrorism.
  • Economic Offences Wing, Central Bureau of Investigation (CBI): The CBI is a specialized police organization that’s been established to investigate certain kinds of crimes, such as crimes involving public officials who have engaged in corruption, significant economic offences, fraud, and crimes that have implications for the country or multiple states.
  • Income Tax Department: This department has the authority to impose taxes on undisclosed foreign income and assets held by Indian residents to prevent the crime of money laundering.
  • Registrar of Companies (RoC): As per the new requirement under the Companies Act 2013, every Indian company, whether private and public, is mandated to file with the RoC a record of the company’s significant beneficial owners (in eForm MGT-6).

How to comply with anti-money laundering regulations in India?

As a designated service provider, businesses must guarantee that they have a stringent AML policy in place. The following steps can inform a strong AML policy:

  • Policies, practices, and controls relating to money laundering and terrorism financing.
  • Transaction monitoring, with a focus on high-risk accounts; consumer identity verification; customer profiling utilizing risk categorization; and regular customer reviews.
  • A well-managed AML program has adequate systems and controls, role-divided tasks, and training, among other things.
  • Internal audits to monitor, investigate, and confirm compliance with anti-money laundering and countering financing of terrorism policies and procedures.
  • Hiring a compliance officer with the necessary credentials to oversee the AML program.

What are the anti-money laundering reporting obligations for businesses in India?

As a designated service provider, a company is required to notify FIU-IND of certain purchases and suspicious activity. Notable ongoing reporting responsibilities are:

  • Suggested suspicious transaction report (STR): This report must be filed within seven days after determining that a transaction—cash or non-cash—or a string of transactions—regardless of how they are connected—is suspicious.
  • By the 15th of the month following the month in which they were generated, reports on cash transactions must be submitted to FIU-IND. Any cash transactions involving a sum of more than INR 1 million should be notified to the relevant authorities.
  • Counterfeit currency report (CCR): If fake or stolen Indian currency is used, the Principal Officer must immediately alert the FIU-IND and the relevant Indian police department.
  • Non-profit transaction reports (NTRs): NTRs are necessary for any purchases made by non-profit organizations involving the receipt of more than INR 1 million.
  • Records need to be retained for at least 10 years after the transaction or business relationship has concluded.

SEBI Checklist for Anti-Money Laundering in India

One-time compliance

Rolling / continuous compliance

  • Appointment of Principal Officer


  • Undertaking audit trail using company information


  • Record of transactions as per the rules


  • Undertaking due diligence for customer


  • Periodic review of the policies internally


  • Conducting client identification



  • Identification of risk sensitive customers


Procedure for AML compliance

Step 1: Introduction

To transact with a bank, a customer or client must either open an account or speak with the bank representative. This is regarded as the customer engagement process, which is a crucial component of the framework for risk management.

Step 2: Documentation/customer due diligence

The bank asks for crucial paperwork during this step. The customer is required to give the bank the bare minimum of paperwork in this situation. The bank or financial institution may request more documents if it determines it’s necessary to do so. If the bank has a reasonable cause to believe that the customer or transaction entails a significant amount of risk, it will in this case conduct additional due diligence.

Step 3: Procedure

According to the category the business falls under, specific AML compliance requirements must be followed, and the bank will take appropriate action.

Step 4: Updating AML/KYC compliance

For consumers with a high-risk profile, the AML compliance must be updated at least once every two years. The KYC must be updated every eight years for consumers with a medium risk profile and every ten years for customers with a low risk profile. For low-risk consumers, new papers are not required to be submitted at the time of upgrading.

Step 5: Failure to follow anti-money laundering regulations

For non-compliance, banks or other financial institutions may initiate following measures:

  • Put individual accounts on hold.
  • Partial account freezing. These accounts will be unfrozen, though, if clients abide by the rules.
  • In the event that the aforementioned requirements are still not followed, banks are free to close the accounts.

Step 6: Maintaining documentation

The bank or other financial institution must keep records of transactions with a specific value. For the purpose of records management, the following transactions must be preserved.

  • Business dealings with a value of INR 1 million or more. This could be in a different currency.
  • A series of interconnected transactions with a monetary value of at least INR 1 million.
  • Suspicious transactions made over wire transfers.
  • Any transactions involving forged currency or counterfeit banknotes.
  • Transactions that include receiving more than INR 1 million in funding from a non-profit organization.

Step 7: Documentation and records preservation

Banks and financial institutions are required to keep records for a minimum period of five years after the initial transaction under the PML Amendment Act of 2012.

Banks can keep client records in both physical copy and digital form. Any odd transaction involving a convoluted series of events must be reported to the bank’s senior officer or the money laundering officer.

Step 8: Reporting

In accordance with the provisions of the PML (Maintenance of Records) Rules, 2005, all transactions that take place in non-governmental organizations (NGOs) must be reported. In addition, banks must report transactions involving trusts and other types of societies. Transactions must be reported to the Director of FIU-IND, which must receive the related reports.

What are the documents required for AML compliance in India?

Documents Required for AML Compliance

KYC documentation

Electronic KYC documentation


Official valid documents

Individual voter ID

Aadhaar card

Pan card

Utility Bill of the individual which is for two months with the provider

Receipts such as municipal tax

PPO (Pension Payment Order documents).

Letter issued by Gazette officer with photograph of the individual

For companies/partnerships


Certificate of Incorporation (CoI) of the company

Partnership deed

Resolutions of directors

(This article was originally published on March 9, 2023. It was last updated on May 12, 2023.)

About Us

India Briefing is produced by Dezan Shira & Associates. The firm assists foreign investors throughout Asia from offices across the world, including in Delhi and Mumbai. Readers may write to for more support on doing business in India.

We also maintain offices or have alliance partners assisting foreign investors in Indonesia, Singapore, Vietnam, Philippines, Malaysia, Thailand, Italy, Germany, and the United States, in addition to practices in Bangladesh and Russia.