By Vikram Mehta | Updated March 2026
What Is Anti-Money Laundering in India?
Anti-Money Laundering (AML) in India is governed by the Prevention of Money Laundering Act, 2002 (PMLA), which came into force on July 1, 2005. The Act criminalises money laundering — defined under Section 3 as directly or indirectly attempting to indulge in, knowingly assisting, or being involved in any process or activity connected with the proceeds of crime and projecting or claiming such property as untainted. The PMLA established a comprehensive regime of customer identification, transaction reporting, and record-keeping obligations for banks, financial institutions, and intermediaries.
For foreign companies entering India, AML compliance is not optional — it is a condition of doing business. Every banking relationship, every FDI transaction, and every cross-border payment flows through reporting entities that must verify your identity, understand your business, and flag anything unusual to the Financial Intelligence Unit-India (FIU-IND). Non-compliance by reporting entities can result in account freezes, transaction delays, and regulatory penalties that directly impact foreign operations.
The PMLA has been significantly expanded since 2005. Key amendments in 2009, 2013, 2019, and 2023 broadened the scope of scheduled offences (now covering 90+ predicate crimes), extended reporting obligations to professionals like chartered accountants and company secretaries, and brought virtual digital asset (VDA) service providers under AML regulation effective March 2023.
Legal Basis
- Section 3 of the PMLA, 2002 — Defines the offence of money laundering as involvement in any process connected with proceeds of crime. It is a continuing offence lasting as long as proceeds are enjoyed (clarified by Finance Act 2019).
- Section 4 of the PMLA, 2002 — Prescribes punishment: rigorous imprisonment of 3 to 7 years plus fine; up to 10 years for narcotics-related or terrorism-related scheduled offences.
- Sections 11A-15 of the PMLA — Impose obligations on reporting entities for client identification, record maintenance, and transaction reporting.
- PMLA Rules, 2005 (as amended through 2023) — Detail KYC/CDD requirements, beneficial ownership thresholds, enhanced due diligence for PEPs, and reporting formats.
- Section 5 of the PMLA — Empowers the Directorate of Enforcement (ED) to provisionally attach property believed to be proceeds of crime for 180 days, subject to confirmation by the Adjudicating Authority.
- CBDT/FIU-IND Notifications (March 7, 2023) — Extended PMLA to VDA service providers, formally defined PEPs, widened beneficial ownership scope, and mandated NPO registration on the Darpan portal.
Who Must Comply? Reporting Entities Under PMLA
The PMLA imposes obligations on a broad category of "reporting entities" — organisations through which money flows and laundering risk concentrates. Foreign companies interact with these entities daily when operating in India.
| Category | Examples | Regulator |
|---|---|---|
| Banking Companies | Scheduled commercial banks, cooperative banks, payment banks, small finance banks | RBI |
| Financial Institutions | NBFCs, housing finance companies, insurance companies, pension funds | RBI / IRDAI / PFRDA |
| Intermediaries | Stock brokers, mutual fund distributors, depository participants, merchant bankers | SEBI |
| Designated Professionals | Chartered accountants, company secretaries (for specified financial transactions) | ICAI / ICSI |
| Real Estate Agents | Property dealers involved in transactions of INR 20 lakh or more | FIU-IND |
| VDA Service Providers | Cryptocurrency exchanges, wallet providers (added March 2023) | FIU-IND |
What Reporting Entities Must Do
Every reporting entity must: (a) maintain records of all transactions for 5 years from the transaction date or 5 years after account closure, whichever is later; (b) verify customer identity using reliable and independent sources; (c) identify beneficial owners behind corporate structures; (d) report prescribed transactions to FIU-IND; and (e) appoint a Principal Officer responsible for AML compliance and FIU-IND reporting.
FIU-IND: India's Financial Intelligence Unit
The Financial Intelligence Unit-India (FIU-IND), established in 2004 under the Department of Revenue, Ministry of Finance, is the central national agency responsible for receiving, processing, analysing, and disseminating information relating to suspect financial transactions. It operates as the bridge between reporting entities and law enforcement.
Reports Filed with FIU-IND
| Report Type | Threshold / Trigger | Filing Deadline | Filing Frequency |
|---|---|---|---|
| Cash Transaction Report (CTR) | Cash transactions exceeding INR 10 lakh (INR 1 million) individually or connected transactions aggregating INR 10 lakh in a month | 15th of the following month | Monthly |
| Suspicious Transaction Report (STR) | No monetary threshold — any transaction with no economic rationale, unusual complexity, or suspected link to scheduled offences | Within 7 working days of forming suspicion | As triggered |
| Non-Profit Organisation Transaction Report (NTR) | Donations or transfers exceeding INR 10 lakh | 15th of the following month | Monthly |
| Cross-Border Wire Transfer Report (CBWTR) | International wire transfers of INR 5 lakh (INR 500,000) or more | 15th of the following month | Monthly |
| Counterfeit Currency Report (CCR) | Detection of fake Indian currency notes | 15th of the following month | Monthly |
All reports are filed electronically through the FINGate 2.0 portal. Each reporting entity receives a Reporting Entity Identification Number (REID) upon registration. The Director of FIU-IND can impose penalties of up to INR 1 lakh per unreported transaction for non-compliance with reporting obligations.
KYC and Customer Due Diligence Under PMLA Rules
The PMLA Rules, 2005 (as amended) mandate a risk-based approach to Know Your Customer (KYC) and Customer Due Diligence (CDD). Every reporting entity must have a board-approved KYC policy covering four elements: customer acceptance policy, risk management, customer identification procedures, and transaction monitoring.
Standard CDD Requirements
Customer identification is required at: (a) account opening; (b) any transaction exceeding INR 50,000 (whether single or connected); (c) any international wire transfer; and (d) when there is doubt about the veracity of previously obtained identification data. Documents accepted include Aadhaar, PAN, passport, and official KYC records from the Central KYC Records Registry (CKYCR).
Beneficial Ownership Identification
Reporting entities must identify the natural person who ultimately owns or controls the customer entity. The ownership thresholds for determining beneficial owners are: 10% for companies, trusts, and partnerships (lowered from 25% for companies and 15% for partnerships in the 2023 amendment). If no natural person is identified through ownership, the senior managing official is deemed the beneficial owner. This is particularly important for foreign companies with complex holding structures — your holding company chain will be traced to the ultimate individual.
Enhanced Due Diligence (EDD)
Enhanced measures apply to: non-resident clients, high-net-worth individuals, foreign PEPs (defined under the 2023 amendment as individuals entrusted with prominent foreign public functions), trusts, charities, NGOs, non-face-to-face clients, and clients from high-risk jurisdictions. EDD requires verification of senior management identities, source of funds documentation, detailed examination of relationship purpose, and ongoing transaction monitoring against the customer profile.
ED Enforcement and Penalties
The Directorate of Enforcement (ED), under the Department of Revenue, Ministry of Finance, is the primary agency for investigating and prosecuting money laundering offences under PMLA. Its powers are extensive and directly affect foreign companies operating in India.
ED Powers Under PMLA
- Provisional Attachment (Section 5): The ED can attach property believed to be proceeds of crime for 180 days without a court order. A Deputy Director-level officer or above can issue the order. The Supreme Court in Vijay Madanlal Choudhary v. Union of India (2022) confirmed that registration of a predicate offence is not mandatory for attachment.
- Search and Seizure (Sections 16-18): Officers can enter and search any building, break open locks, and seize documents and property.
- Arrest (Section 19): ED can arrest with grounds disclosure required (per Pankaj Bansal v. Union of India, 2023, Supreme Court).
- Confiscation: After adjudication, property confirmed as proceeds of crime is confiscated by the Central Government.
Penalties and Consequences
| Offence / Non-Compliance | Penalty |
|---|---|
| Money laundering (Section 4) | Rigorous imprisonment: 3 to 7 years + fine (no cap) |
| Narcotics/terrorism-related laundering | Rigorous imprisonment: 3 to 10 years + fine |
| Failure to maintain records (reporting entity) | Fine up to INR 1 lakh per failure |
| Failure to report CTR/STR | Fine up to INR 1 lakh per unreported transaction |
| Non-compliance with KYC norms (banks) | RBI monetary penalty — up to INR 5 crore (e.g., Federal Bank fined INR 5 crore) |
| Bail restrictions (Section 45) | Twin conditions: court must be satisfied the accused is not guilty and will not commit further offences |
How This Affects Foreign Investors in India
Foreign companies encounter PMLA compliance at every stage of their India operations:
- Opening a bank account: Your authorised dealer bank will conduct full KYC/CDD, including tracing beneficial ownership to the ultimate individual shareholder. Complex offshore structures (BVI holding → Singapore SPV → Indian subsidiary) trigger enhanced due diligence, adding 2-4 weeks to account opening.
- Receiving FDI: Inward remittances for FC-GPR filings are screened by correspondent banks. Source of funds documentation is mandatory — not just the bank statement but the commercial rationale for the investment amount.
- Cross-border payments: Every wire transfer of INR 5 lakh or more is reported to FIU-IND via CBWTR. Frequent transfers without clear commercial purpose trigger STR filings.
- Engaging Indian professionals: If your company secretary or CA performs specified financial transactions on your behalf (company formation, share transfers, property transactions), they are reporting entities and must conduct CDD on you.
- Property transactions: Leasing office space valued at INR 20 lakh or more involves a real estate agent who must conduct KYC and report to FIU-IND.
Common Mistakes
- Assuming AML is only the bank's problem. Foreign companies often think compliance is the bank's responsibility. In practice, your failure to provide timely KYC documentation, explain source of funds, or update beneficial ownership information causes account restrictions, payment holds, and STR filings against your transactions — all of which create regulatory footprints that are difficult to undo.
- Using nominee shareholders to obscure beneficial ownership. The 2023 PMLA amendments lowered the beneficial ownership threshold to 10% for companies. Banks and regulators will look through nominees to the ultimate natural person. Opaque structures raise red flags and can trigger ED scrutiny under the SBO provisions.
- Not appointing a Principal Officer for Indian operations. If your Indian subsidiary or branch office qualifies as a reporting entity (e.g., an NBFC or securities intermediary), you must appoint a Principal Officer responsible for STR/CTR filings. Failure to do so is itself a compliance violation with penalties of INR 1 lakh per instance.
- Treating KYC as a one-time exercise. PMLA Rules require periodic KYC updates on a risk-based cycle — high-risk clients every 2 years, medium-risk every 8 years, low-risk every 10 years. Changes in beneficial ownership, registered address, or business nature must be updated proactively. Stale KYC is a common finding in RBI inspections.
- Ignoring the continuing offence doctrine. Money laundering under PMLA is a continuing offence — it persists as long as the proceeds of crime are enjoyed. This means the limitation period does not run out while laundered funds remain in use, and past transactions can be investigated years later.
Practical Example
NovaBridge Capital Pte Ltd, a Singapore-based fintech company, sets up a wholly owned subsidiary in India — NovaBridge India Pvt Ltd — with an authorised capital of INR 5 crore. Here is how PMLA compliance affects their operations:
Step 1 — Bank Account Opening: NovaBridge approaches HDFC Bank to open a current account. The bank conducts CDD: it requires NovaBridge Singapore's Certificate of Incorporation, Memorandum of Association, board resolution authorising the Indian subsidiary, passport copies of all directors, and identification of the ultimate beneficial owner (the individual holding 10%+ in NovaBridge Singapore — Mr. Tan Wei Lin, holding 35%). Processing takes 3 weeks due to EDD on the non-resident parent.
Step 2 — Initial Capital Infusion: NovaBridge remits USD 600,000 (approximately INR 5 crore) as share capital. The inward remittance exceeds INR 5 lakh, triggering a Cross-Border Wire Transfer Report (CBWTR) by HDFC Bank to FIU-IND. The bank requests source of funds documentation — NovaBridge provides audited financials showing the funds originated from a Series A raise.
Step 3 — Ongoing Operations: NovaBridge India receives monthly service fees of INR 15 lakh from its Singapore parent. Over 6 months, the bank notices the pattern is consistent and commercially justified — no STR is filed. However, in Month 7, NovaBridge receives an unusual INR 80 lakh payment from an unrelated third party in Dubai with no clear commercial link. The bank's transaction monitoring system flags this. The Principal Officer reviews and files an STR within 7 working days.
Step 4 — Consequence of Ignoring Compliance: If NovaBridge India had failed to update its KYC when Mr. Tan sold his stake to a new investor (a PEP from a high-risk jurisdiction), and the bank later discovered this during a periodic review, the bank would file an STR, potentially freeze the account pending clarification, and report the lapse to RBI. NovaBridge India could face weeks of frozen operations and reputational damage with its banking partner.
Key Takeaways
- The PMLA, 2002 is India's primary AML law, imposing imprisonment of 3-7 years (up to 10 years for narcotics/terrorism-related offences) plus unlimited fines for money laundering.
- FIU-IND receives five types of reports: CTR (cash over INR 10 lakh), STR (no threshold — suspicion-based), CBWTR (wire transfers over INR 5 lakh), NTR, and CCR, all filed through the FINGate 2.0 portal.
- KYC/CDD is mandatory for all reporting entities with beneficial ownership traced to the 10% threshold for companies — foreign holding structures are fully scrutinised.
- The ED can provisionally attach property for 180 days without a court order and arrest suspects under PMLA.
- Foreign companies face AML compliance at every touchpoint: bank accounts, FDI remittances, cross-border payments, professional engagements, and property transactions.
- Non-compliance penalties range from INR 1 lakh per unreported transaction to INR 5 crore in RBI fines for banks, plus criminal prosecution for money laundering itself.
Navigating AML compliance for your India operations? Beacon Filing provides end-to-end compliance outsourcing including KYC documentation, regulatory reporting coordination, and ongoing PMLA compliance management for foreign-owned entities.