By Sneha Iyer | Updated March 2026
What Is International AML Compliance?
International Anti-Money Laundering (AML) compliance refers to the web of global standards, sanctions regimes, and screening obligations that govern cross-border financial activity. For foreign companies operating in India, this means navigating three overlapping systems simultaneously: the Financial Action Task Force (FATF) recommendations that shape India's domestic AML laws, sanctions programs from the UN Security Council, OFAC, and the EU that restrict dealings with designated individuals and countries, and Politically Exposed Person (PEP) identification requirements that impose enhanced scrutiny on transactions involving government officials and their associates.
India became a FATF member in 2010 and underwent its most recent Mutual Evaluation in 2024 (onsite inspection November 2023, report published September 2024). The evaluation placed India in the "regular follow-up" category — the highest rating, shared by only four other G20 countries including the UK, France, and Italy. India was rated compliant or largely compliant with 37 of the 40 FATF Recommendations, with partial compliance on three: non-profit organisations (R.8), politically exposed persons (R.12), and regulation of designated non-financial businesses and professions (R.28).
Understanding these international frameworks is essential because Indian banks, authorised dealer banks, and financial institutions apply them when onboarding foreign clients. A foreign company that does not understand sanctions screening, PEP disclosure requirements, or FATF-driven KYC norms will face delays, account freezes, and compliance friction at every step of its India operations.
Legal Basis
- FATF 40 Recommendations (revised 2012, updated ongoing) — The global standard for AML/CFT, covering risk assessment, customer due diligence, suspicious transaction reporting, transparency of legal persons, international cooperation, and targeted financial sanctions. India has committed to implementing all 40.
- Prevention of Money Laundering Act, 2002 (PMLA) — India's primary AML statute, which incorporates FATF standards into domestic law. The PMLA Rules, 2005 (as amended through 2023) operationalise KYC/CDD, PEP identification, and reporting obligations.
- United Nations (Security Council) Act, 1947 — Empowers the Central Government to implement UNSC sanctions resolutions, including asset freezes, travel bans, and arms embargoes, through government orders issued by the Ministry of External Affairs.
- Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 — Implements UNSC sanctions related to WMD proliferation. Section 12A mandates asset freezing for designated persons. Criminal penalties include imprisonment up to life.
- Unlawful Activities (Prevention) Act, 1967 (UAPA) — Implements terrorism-related sanctions, including designation of terrorist organisations and individuals.
- Foreign Trade (Development and Regulation) Act, 1992 — Enables trade sanctions enforcement, including the 2025 blanket prohibition on imports from Pakistan. Penalties include fines up to 5 times the transaction value.
India's FATF Mutual Evaluation 2024: The Full Picture
India's September 2024 Mutual Evaluation Report (MER), conducted jointly by FATF, the Asia/Pacific Group on Money Laundering (APG), and the Eurasian Group (EAG), is a 368-page assessment of India's entire AML/CFT framework. The results directly affect how global correspondent banks, investors, and regulators perceive India risk.
Technical Compliance Ratings (40 Recommendations)
| Rating | Count | Key Recommendations |
|---|---|---|
| Compliant (C) | 11 | R.1 (Risk Assessment), R.10 (CDD), R.20 (STR Reporting), R.29 (FIU), R.36-40 (International Cooperation) |
| Largely Compliant (LC) | 26 | R.3 (ML Offence), R.4 (Confiscation), R.6 (Targeted Financial Sanctions-Terrorism), R.15 (New Technologies), R.24 (Legal Persons) |
| Partially Compliant (PC) | 3 | R.8 (Non-Profit Organisations), R.12 (PEPs), R.28 (DNFBPs Regulation) |
| Non-Compliant (NC) | 0 | None |
Effectiveness Ratings (11 Immediate Outcomes)
| Immediate Outcome | Area | Rating |
|---|---|---|
| IO.1 | Risk, Policy and Coordination | Substantial |
| IO.2 | International Cooperation | Substantial |
| IO.3 | Supervision | Moderate |
| IO.4 | Preventive Measures | Moderate |
| IO.5 | Legal Persons and Arrangements | Substantial |
| IO.6 | Financial Intelligence | Substantial |
| IO.7 | ML Investigation and Prosecution | Moderate |
| IO.8 | Confiscation | Substantial |
| IO.9 | TF Investigation and Prosecution | Moderate |
| IO.10 | TF Preventive Measures and Financial Sanctions | Moderate |
| IO.11 | PF Financial Sanctions | Substantial |
The key takeaway: India's technical compliance is strong (37/40 compliant or largely compliant), but effectiveness — actually catching and convicting money launderers — lags behind. India recorded only 28 ML convictions over the last five years, significantly impacted by constitutional challenges to PMLA that were only settled by the Supreme Court in 2022 (Vijay Madanlal Choudhary). Many cases remain pending trial due to court system saturation.
Sanctions Screening: UNSC, OFAC, and EU Obligations
Foreign companies operating in India must navigate multiple, overlapping sanctions regimes. The compliance burden depends on your company's jurisdictional nexus — where you are incorporated, where your banks are, and where your counterparties are located.
UNSC Sanctions (Directly Applicable in India)
India, as a UN member state, is legally obligated to implement all UNSC sanctions resolutions. The Ministry of External Affairs (MEA) coordinates implementation through government orders under the UN (Security Council) Act, 1947. FIU-IND maintains the UNSC Sanctions List on its website, and the RBI issues circulars directing all regulated entities to screen customers against these lists. Current UNSC sanctions programs applicable in India cover: DPRK (North Korea), Iran, Somalia, Iraq, Libya, Yemen, Mali, Sudan, Congo, Lebanon, Haiti, and Guinea-Bissau.
Indian financial institutions must immediately freeze assets of any customer matching a UNSC-designated individual or entity and report to the relevant authority. SEBI issues parallel directives for securities market intermediaries under Section 12A of the WMD Act, 2005.
OFAC Sanctions (Relevant for US-Nexus Companies)
The US Office of Foreign Assets Control (OFAC) does not directly regulate Indian companies, but its reach extends to any entity with a US nexus — defined as any transaction that: (a) involves a US person (including US-citizen directors, employees, or signatories); (b) passes through the US financial system (including USD-denominated wire transfers that clear through US correspondent banks); or (c) involves US-origin goods, software, or technology.
Recent OFAC enforcement actions demonstrate the risk: in October 2024, OFAC sanctioned 19 Indian companies and 2 Indian individuals under its Russia-related sanctions program (Executive Order 14024) for supporting Russia's military-industrial base. Separately, Godfrey Phillips India Ltd. settled with OFAC in 2023 for causing US banks to process dollar transactions related to tobacco product supply to North Korea.
For foreign companies with US subsidiaries or investors, every Indian counterparty and transaction must be screened against the OFAC Specially Designated Nationals (SDN) list. Secondary sanctions add another layer: OFAC can sanction non-US persons for engaging in certain transactions (particularly in the Iran, Russia, and DPRK contexts) even without a direct US nexus.
Practical Sanctions Screening Framework
| Sanctions Program | Applicable To | Screening List | Enforcement Body | Consequence of Violation |
|---|---|---|---|---|
| UNSC | All Indian entities | UNSC Consolidated List | MEA / RBI / SEBI | Asset freeze, criminal penalties under WMD Act (up to life imprisonment) |
| OFAC (US) | Entities with US nexus | SDN List, Sectoral Sanctions List | OFAC / US DOJ | Fines up to USD 20 million, imprisonment up to 30 years |
| EU | Entities with EU nexus | EU Consolidated Sanctions List | EU Member State authorities | Asset freeze, criminal penalties per member state law |
| India Autonomous | All Indian entities | UAPA Schedule / MEA notifications | NIA / MHA | Criminal penalties under UAPA, FTDR Act fines up to 5x transaction value |
PEP Identification and Enhanced Due Diligence
A Politically Exposed Person (PEP) is an individual entrusted with a prominent public function. The FATF Recommendations (R.12 and R.22) require enhanced due diligence for PEPs, their family members, and close associates. India's implementation has a critical gap that foreign companies must understand.
India's PEP Framework Under PMLA
The PMLA Rules (amended March 2023) formally define PEPs as individuals entrusted with prominent foreign public functions — heads of state, senior politicians, senior government/military officials, executives of state-owned corporations, and senior political party officials. The definition explicitly covers foreign PEPs only. India has no specific provisions for domestic PEPs — this was flagged as a partial compliance gap in the 2024 FATF evaluation (R.12).
For foreign companies, this means: if your directors, shareholders, or beneficial owners include government officials from any country outside India, your Indian bank will apply enhanced due diligence including senior management approval for the relationship, source of wealth verification, and ongoing enhanced transaction monitoring. However, if your Indian joint venture partner is a domestic politician, the same level of enhanced scrutiny is not mandated by PMLA — a notable inconsistency.
EDD Requirements for PEP Relationships
- Senior management approval to establish or continue the business relationship
- Reasonable measures to establish source of wealth and source of funds
- Enhanced ongoing monitoring of the business relationship
- Separate record maintenance and reporting to ED upon request
- The PEP designation continues for a minimum period after the person ceases to hold the public function (typically 1-2 years per RBI guidelines)
FATF Travel Rule and Wire Transfer Compliance
The FATF Travel Rule (Recommendation 16) requires that originator and beneficiary information accompany wire transfers throughout the payment chain. India implemented this through RBI Master Directions on KYC for wire transfers.
For cross-border wire transfers from India, the originating bank must include: name of the originator, originator account number (or unique transaction reference), originator's address, national identity number, customer identification number, or date and place of birth. For domestic transfers of INR 50,000 and above where the originator is not an account holder, the same information requirements apply.
In the VDA (cryptocurrency) space, India extended Travel Rule requirements to Virtual Digital Asset Service Providers (VDASPs) through the March 2023 PMLA amendment. FIU-IND issued specific AML/CFT guidelines for VDA service providers, and in 2024-2025, blocked 25 offshore crypto exchanges that failed to register and comply.
How This Affects Foreign Investors in India
International AML compliance creates practical friction at multiple levels for foreign companies:
- Banking onboarding delays: Indian banks screen foreign entities against UNSC, OFAC, and EU sanctions lists. If your company is incorporated in a jurisdiction with elevated sanctions risk (e.g., certain Middle Eastern or Central Asian countries), expect 4-8 weeks for account opening instead of the standard 2-3 weeks. Correspondent banks (Citibank, JPMorgan, Deutsche Bank) apply their own screening on top of Indian requirements.
- Investor PEP disclosure: If any shareholder or director of your foreign parent company is a PEP, you must disclose this proactively. Failure to disclose leads to STR filings when the bank discovers the PEP connection independently — creating a permanent suspicious activity record.
- USD payment routing: All USD-denominated payments to India clear through US correspondent banks, subjecting them to OFAC screening. If your Indian subsidiary pays a vendor who happens to be on the SDN list, the payment will be blocked and reported — even if neither you nor the vendor has any US presence.
- Russia-related sanctions risk: Post-2022, companies with Russian shareholders, directors, or business relationships face heightened scrutiny. The October 2024 OFAC designation of 19 Indian entities demonstrates that Indian operations are not insulated from secondary sanctions risk.
- Sector-specific concerns: Defence, energy, and technology sectors face overlapping sanctions programs. A foreign company in these sectors must screen every Indian counterparty, sub-contractor, and end-user against multiple lists before engaging.
Common Mistakes
- Assuming India is not affected by OFAC sanctions because it is not a sanctioned country. India itself is not sanctioned, but USD transactions, US-person involvement, or US-origin technology create OFAC jurisdiction. The 2024 designation of 19 Indian entities proves that Indian companies are squarely in OFAC's enforcement scope. Every foreign company routing USD through India has exposure.
- Screening only at onboarding and not on an ongoing basis. Sanctions lists are updated frequently — OFAC updates the SDN list multiple times per month, and UNSC designations can occur at any time. A counterparty that was clean at onboarding may be designated months later. Continuous screening is required, not just point-in-time checks.
- Treating FATF compliance as a purely technical exercise. India scores well on technical compliance (37/40) but only "Moderate" on effectiveness in several areas including supervision (IO.3) and preventive measures (IO.4). This means the rules exist on paper, but enforcement is uneven. Foreign companies cannot rely on Indian counterparties' self-reported compliance — independent verification is necessary.
- Not disclosing domestic PEP relationships because India only mandates screening of foreign PEPs. While PMLA only defines foreign PEPs, international best practice (and your home country's AML laws) likely requires screening of all PEPs. If your joint venture partner in India is a domestic politician, your home regulator expects you to apply EDD — even if the Indian bank does not.
- Confusing FATF grey-listing with actual sanctions. India has never been grey-listed by FATF (it was placed in "regular follow-up" in both 2010 and 2024 — the highest category). However, some foreign compliance teams incorrectly flag India as high-risk based on outdated or confused information. Correcting this misconception with your compliance team can prevent unnecessary friction.
Practical Example
Meridian Defence Systems GmbH, a German defence technology company, seeks to establish a wholly owned subsidiary in India — Meridian India Pvt Ltd — to supply components to Indian defence contractors under the PLI scheme. The investment is EUR 2 million (approximately INR 18 crore).
Sanctions Screening Challenge: During bank account opening with SBI, the compliance team discovers that Meridian GmbH's minority shareholder (8% stake) — Viktor Petrov — is a Russian national who formerly served as a deputy minister in Russia's Ministry of Industry and Trade. He resigned in 2021.
PEP Assessment: Petrov qualifies as a foreign PEP under PMLA Rules. SBI applies enhanced due diligence: senior management approval is required, source of Petrov's wealth must be documented, and enhanced ongoing monitoring is mandated. Additionally, Petrov is screened against the OFAC SDN list and EU sanctions list — he is not designated, but his former government role triggers heightened scrutiny.
OFAC Exposure: Because Meridian India will receive USD payments from its German parent (which banks with a US-headquartered bank), all transfers are subject to OFAC screening. The compliance team confirms that Petrov's 8% stake does not trigger the OFAC 50% rule (where entities owned 50%+ by a designated person are themselves deemed designated), but documents this analysis for the compliance file.
Outcome: Account opening takes 6 weeks instead of the usual 3 weeks. SBI requires annual re-certification of Petrov's non-designation status and source of funds. Meridian India also engages a sanctions screening software provider (cost: approximately INR 3-5 lakh per year) to continuously screen all Indian vendors and counterparties against consolidated sanctions lists.
If Meridian had not disclosed the PEP connection: SBI's own screening would have identified Petrov during periodic KYC review. The non-disclosure would have triggered an STR filing to FIU-IND, potential account freeze pending investigation, and reputational damage with the bank — far worse than the upfront 3-week delay.
Key Takeaways
- India achieved "regular follow-up" status in its 2024 FATF Mutual Evaluation — the highest category — with 37/40 recommendations rated compliant or largely compliant. Partial compliance exists for PEPs (R.12), NPOs (R.8), and DNFBPs (R.28).
- UNSC sanctions are directly applicable in India through the UN (Security Council) Act, 1947. OFAC sanctions apply to any transaction with a US nexus (USD payments, US persons, US-origin technology).
- India's PEP framework under PMLA covers only foreign PEPs — there are no specific domestic PEP provisions, a gap flagged by FATF.
- OFAC designated 19 Indian entities in October 2024 for Russia-related sanctions violations — Indian operations are not insulated from US enforcement.
- The FATF Travel Rule applies to both traditional wire transfers and VDA (crypto) transactions in India, with FIU-IND blocking 25 non-compliant offshore exchanges in 2024-2025.
- Foreign companies should proactively disclose PEP connections and screen all counterparties against UNSC, OFAC, and EU lists to avoid STR filings and account freezes.
Need help navigating international sanctions screening and PEP compliance for your India operations? Beacon Filing provides comprehensive compliance outsourcing including sanctions screening setup, PEP due diligence coordination, and ongoing FATF-aligned compliance management.