AML requirements for covered institutions and individuals

Enforcement and regulation

Which government entities enforce the AML regime and regulate covered institutions and persons in your jurisdiction? Do the AML rules provide for ongoing and periodic assessments of covered institutions and persons?

There are several government entities that are collectively responsible for different aspects of enforcement and regulation of the AML framework in India.

The Financial Intelligence Unit (FIU) was set up by the government by way of an office memorandum on 18 November 2004 as the central national agency responsible for receiving, processing, analysing and disseminating information relating to suspect financial transactions. The FIU is also responsible for coordinating and strengthening the efforts of national and international intelligence, investigation and enforcement agencies in pursuing global efforts against money laundering and related crimes. The FIU is an independent body reporting directly to the Economic Intelligence Council, headed by the Finance Minister.

By way of an order dated 1 July 2005, the central government empowered the Directorate of Enforcement (ED), which is under the administrative control of the Department of Revenue of the Ministry of Finance and the government for operational purposes, to exercise exclusive powers regarding the investigation and prosecution of cases under the Prevention of Money Laundering Act 2002 (the PML Act).

In addition, section 54 of the PML Act provides that certain officers are empowered and required to assist authorities under the PML Act with enforcement. Given that the PML Act requires that the scheduled offence (ie, the offence under the Indian penal statutes set out in the Schedule to the PML Act) and the offence of money laundering are tried together, the investigative agencies responsible for prosecuting the scheduled offence have been mandated to assist the ED that is authorised to prosecute the offence of money laundering.

Further, the Reserve Bank of India (RBI) regulates banks and financial institutions, including in relation to their obligations under the PML Act, the Prevention of Money Laundering (Maintenance of Records) Rules 2005, as amended from time to time (the PML Rules) and the RBI Know-Your-Customer Directions 2016 (the RBI KYC Master Directions). Similarly, the Securities and Exchange Board of India (SEBI) regulates intermediaries registered with it, including in relation to their obligations under the PML Act, the PML Rules and the Master Circular on Guidelines on AML Standards and Combating Financing of Terrorism, and Obligations of Securities Market Intermediaries under the PML Act and Rules Framed Thereunder (the SEBI AML Guidelines).

Covered institutions and persons

Which institutions and persons must have AML measures in place?

Reporting entities (ie, banks, financial institutions, persons carrying out a designated business or profession (designated persons) and intermediaries) are required to carry out certain AML measures, including customer identification, client due diligence (CDD), customer acceptance, and tracking and reporting of certain types of transactions. The terms ‘financial institutions’, ‘intermediaries’ and ‘designated persons’ have broad definitions under the PML Act.

Financial institutions have been defined as companies, corporations or cooperative societies carrying out the activities prescribed under section 45I of the RBI Act 1934. They include chit fund companies, housing finance institutions, authorised persons, payment system operators, non-banking financial companies (NBFCs) and the Department of Posts.

Intermediaries have been defined as:

  • stockbrokers, share transfer agents, merchant bankers, underwriters, investment advisers or other institutions registered as intermediaries with the SEBI under section 12 of the SEBI Act 1992;
  • associations registered or recognised under the Forward Contracts (Regulation) Act 1952 or any members of such associations;
  • institutions registered with the Pension Fund Regulatory and Development Authority as intermediaries; and
  • recognised stock exchanges.


Designated persons include, inter alia, the following:

  • person carrying out activities for playing games of chance for cash or kind, including such activities associated with casinos;
  • the Inspector General of Registration appointed under section 3 of the Registration Act 1908;
  • real estate agents (ie, persons engaged in providing services in relation to sale or purchase of real estate) having an annual turnover of 2 million rupees or above;
  • dealers in precious metals and precious stones if they engage in any cash transactions with a customer in an amount equal to or above 1 million rupees, carried out in a single operation or in several operations that appear to be linked; and
  • persons engaged in the safekeeping and administration of cash and liquid securities on behalf of other persons, as may be notified by the central government.


Taking note of increasing use of cryptocurrency in money laundering, the Ministry of Finance of Indian government notified by way of a notification dated 7 March 2023 that the following activities, when carried out for or on behalf of another natural or legal person in the course of business, shall constitute a designated business or profession under PML Act:

  • exchange between virtual digital assets (VDAs) and fiat currencies;
  • exchange between one or more forms of VDAs;
  • transfer of VDAs;
  • safekeeping or administration of VDAs or instruments enabling control over VDAs; and
  • participation in and provision of financial services related to an issuer’s offer and sale of a VDA.

Do the AML laws applicable in your jurisdiction require covered institutions and persons to implement AML compliance programmes? What are the required elements of such programmes?

Pursuant to the PML Act and the PML Rules, reporting entities are required to appoint a principal officer who is responsible for supplying information specified under the PML Rules to the office of the director of the FIU, and a designated director who is responsible for ensuring compliance with the obligations cast on the reporting entity under Chapter IV of the PML Act and the PML Rules. Names, designations and addresses (including email addresses) of the principal officer and the designated director, including any changes thereto, must be intimated to the office of the director of the FIU. The designated director is required to be of a sufficiently senior position and able to discharge the functions with independence and authority. Further, every SEBI-registered intermediary should ensure that the proper policy framework required by the SEBI AML Guidelines is put into place.

Financial institutions (and other entities regulated by the RBI are required to have a know-your-customer (KYC) policy duly approved by the board of directors of the entity or any committee of the board to which such power has been delegated. The KYC policy must include a customer acceptance policy, risk management parameters, customer identification procedures and monitoring of transactions. These regulated entities are mandated to carry out money laundering and terrorist financing risk assessment exercises periodically to identify, assess and take effective measures to mitigate their money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions, or delivery channels. Regulated entities are further required to apply a risk-based approach for the mitigation and management of identified risks, and should have in place policies, controls and procedures in this regard that have been approved by their board of directors.

Record-keeping and reporting are integral elements of the compliance programme.

Further, as part of such compliance requirements, reporting entities and their directors, officers and employees (permanent and temporary) are prohibited from disclosing (tipping off) to their client the fact that a suspicious transaction report or related information is being reported or provided to the FIU.

Breach of AML requirements

What constitutes breach of AML duties imposed by the law?

The following constitute a breach of AML duties imposed by law:

  • acting in breach of section 3 of the PML Act by way of direct or indirect attempts to indulge in, knowingly assist or knowingly become a party to, or have actual involvement in, the process or activity connected with the proceeds of crime (including its concealment, possession, acquisition or use) and projecting or claiming such proceeds of crime as untainted property; or
  • reporting entities acting in breach of the various compliance requirements imposed on them under Chapter IV of the PML Act, the PML Rules or specific guidelines and regulations issued by the RBI KYC Master Directions and the SEBI AML Guidelines.
Customer and business partner due diligence

Describe due diligence requirements in your jurisdiction’s AML regime.

The PML Rules require that every reporting entity:

  • at the time of commencement of an account-based relationship, verify the client’s identity as well as its beneficial owners (if the client is acting on behalf of a beneficial owner) and obtain information on the purpose and intended nature of the business relationship; and
  • in all other cases, verify the client’s identity while carrying out:
    • transactions of an amount equal to or exceeding 50,000 rupees, whether conducted as a single transaction or several transactions that appear to be connected; or
    • any international money transfer operations.


However, irrespective of the amount deposited, invested or transacted by clients, no minimum threshold or exemption is available from obtaining the minimum information or documents from clients as stipulated in the PML Rules regarding the verification of the records of the identity of clients. Further, no exemption from carrying out CDD exists in respect of any category of clients. In other words, there is no minimum investment threshold or category exemption available for carrying out CDD measures by registered intermediaries.

The PML Rules require an intermediary to obtain certain minimum documentation from a client to verify the client’s identity. The nature of the documentation that is required to be obtained is, in turn, dependent on the nature of the client.

The following documents must be obtained by a reporting entity for opening an individual client’s account:

  • the client’s Aadhaar number or proof of possession of an Aadhaar number (for carrying out offline verification), or any officially valid document containing details of his or her identity and address;
  • his or her permanent account number; and
  • other documents in respect of the nature of the business and financial status of the client as may be required.


The RBI also mandates similar KYC norms for banks, requiring regular monitoring of transactions and periodic updates of the customer identification data for high-risk individuals every two years.


Beneficial ownership

A client has been defined as a person who engages in a financial transaction or activity with a reporting entity and includes a person on whose behalf the person engaged in the transaction or activity is acting. The PML Act has been amended to define the term ‘beneficial owner’ as an individual who ultimately owns or controls a client of a reporting entity or the person on whose behalf a transaction is being conducted and includes a person who exercises ultimate effective control over a juridical person. Therefore, an obligation is cast upon the reporting entities to ensure that the entities know the true identity of each and every client. However, where a client is subscribing or dealing with depository receipts or equity shares, issued or listed in jurisdictions notified by the Indian government, of a company incorporated in India and is acting on behalf of a beneficial owner who is a resident of such jurisdiction, the determination, identification and verification of such a beneficial owner will be governed by the norms of such jurisdiction.

The Ministry of Finance, by way of a notification dated 7 March 2023, amended the PML Rules, to (inter alia) bring down the threshold for determining beneficial ownership for purpose of CDD by reporting entities under PML Rules in the following manner:

  • In the case of a company, 10 per cent of shares or capital or profits (the previous threshold was 25 per cent); and
  • in the case of a trust, 10 per cent or more interest (the previous threshold was 15 per cent).
High-risk categories of customers, business partners and transactions

Do the AML rules applicable in your jurisdiction require that covered institutions and persons conduct risk-based analyses? Which high-risk categories are specified? What level of due diligence is expected in relation to customers assessed to be high risk?

The RBI KYC Master Directions and the SEBI AML Guidelines provide for certain parameters of risk perception to be defined in terms of the nature of business activity, location of clients, mode of payments, volume of turnover, social and financial status, and so on to enable the categorisation of customers into low, medium and high risk. Customers requiring a very high level of monitoring (eg, politically exposed persons (PEPs)) may, if considered necessary, be categorised even higher.

Banks, financial institutions and financial intermediaries must put in place documentation requirements in respect of different categories of customers depending on perceived risk and keeping in mind the requirements of the PML Act. The nature and extent of CDD depends on the risk perceived by the bank, and the information sought from a customer must be relevant to the risk category and should not be intrusive. For the purpose of risk categorisation, individuals (other than high net worth individuals) and entities whose identities and sources of wealth can be easily identified, and transactions in whose accounts by and large conform to the known profile, may be categorised as low risk. Banks must apply enhanced CDD for high-risk customers, especially those for whom the sources of funds are not clear.

Some instances of high-risk customers requiring enhanced due diligence include:

  • non-resident customers;
  • high net worth customers;
  • trusts, charities, non-governmental organisations and organisations receiving donations;
  • companies with close family shareholding or beneficial ownership;
  • customers in high-risk countries;
  • PEPs of foreign origin and close relatives of PEPs;
  • non-face-to-face customers and customers with dubious reputations according to publicly available information; and
  • other entities that the intermediaries may suspect or find upon exercising their independent judgement.


However, non-governmental organisations promoted by the United Nations or its agencies may be classified as low-risk customers.

Banks and other regulated entities are mandated to carry out money laundering and terrorist financing risk assessment exercises periodically to identify, assess and take effective measures to mitigate their money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions, or delivery channels. The risk assessment process should consider all the relevant risk factors before determining the level of overall risk, and the appropriate level and type of mitigation to be applied. The risk assessment by regulated entities must be properly documented, and should be proportionate to the nature, size, geographical presence and complexity of the activities or structure of the regulated entity.

Further, the periodicity of the risk assessment exercise must be determined by the board of directors of the entity, in line with the outcome of the risk assessment exercise. However, it should be reviewed at least annually. The outcome of the risk assessment exercise must be put up to the board of directors (or the relevant committee of the board) of the entity and should be made available to competent authorities and self-regulating bodies, as required by them.

Regulated entities must apply a risk-based approach for the mitigation and management of the identified risks and should have policies, controls and procedures, approved by their board of directors, in this regard.

Banks and NBFCs are required to have policies, controls and procedures in place to effectively manage and mitigate their risk, adopting a risk-based approach as discussed above. In this regard, the Indian Banks’ Association has taken initiative in assessing the money laundering and terrorist financing risk in the banking sector, and prepared a guidance note on KYC norms and AML standards in July 2009. The Indian Banks’ Association guidance also provides an indicative list of high-risk customers, products, services and geographies. The RBI has clarified that banks and NBFCs may use the same guidance in their own risk assessments.

Record-keeping and reporting requirements

Describe the record-keeping and reporting requirements for covered institutions and persons.

Pursuant to the PML Rules, every reporting entity is required to maintain a record of all transactions, including a record of:

  • all cash transactions where the value is more than 1 million rupees or its equivalent in foreign currency;
  • all series of cash transactions that are integrally connected to each other and that have been valued below 1 million rupees or its equivalent in foreign currency, where the series of transactions have taken place within a month and the aggregate value of the transactions exceeds 1 million rupees or its equivalent in foreign currency;
  • all transactions involving receipts by non-profit organisations of a value of over 1 million rupees or its equivalent in foreign currency;
  • all cash transactions where counterfeit currency notes or bank notes have been used as genuine currency or where any forgery of a valuable security or a document has taken place facilitating the transactions; and
  • all suspicious transactions; in other words, transactions, including attempted transactions, regardless of whether these are made in cash, that to a person acting in good faith:
    • give rise to reasonable grounds of suspicion that they may involve proceeds of a scheduled offence, regardless of the value involved;
    • appear to be made in circumstances of unusual or unjustified complexity;
    • appear to have no economic rationale or bona fide purpose; or
    • give rise to a reasonable ground of suspicion that they may involve financing of activities relating to terrorism, regardless of whether they are in cash, made by way of:
      • deposits and credits, withdrawals into or from any accounts by way of cheques, traveller’s cheques or transfers from one account to another within the same reporting entity and any other mode in whatever name it is referred to;
      • credits or debits into or from any non-monetary accounts, such as demat accounts or security accounts, in any currency, maintained with the reporting entity;
      • money transfers or remittances in favour of clients or non-clients from India or abroad and to third-party beneficiaries in India or abroad, including transactions on its own account in any currency by any mode of money transfer;
      • loans and advances including credit or loan substitutes, investments and contingent liability by way of subscription to debt instruments such as commercial papers, certificates of deposit, preferential shares, debentures, securitised participation, interbank participation or any other investments in securities; purchase and negotiation of bills, cheques and other instruments; foreign exchange contracts, currency, interest rate and commodity and any other derivatives; or letters of credit, standby letters of credit, guarantees, comfort letters, solvency certificates or any other instrument for settlement or credit support;
      • collection services in any currency by way of the collection of bills, cheques or instruments, or any other mode of collection;
      • all cross-border wire transfers of the value of more than 500,000 rupees or its equivalent in foreign currency where either the origin or destination of the funds is in India; or
      • all purchases and sales by any person of immovable property valued at 5 million rupees or more that is registered by the reporting entity, as the case may be.


For the purpose of reporting suspicious transactions, apart from transactions integrally connected, transactions remotely connected or related must also be considered.

The records required to be maintained with respect to a transaction must contain all the necessary information specified by the regulator of the regulated entity to permit reconstruction of individual transactions, including the following information:

  • the nature of the transaction;
  • the amount of the transaction and the currency in which it was denominated;
  • the date on which the transaction was conducted; and
  • the parties to the transaction.


The records are required to be maintained using the procedure and in the manner specified by the PML Rules. Every reporting entity must maintain such records as are sufficient to permit reconstruction of individual transactions (including the amounts and types of currencies involved, if any) to provide, if necessary, evidence for prosecution of criminal behaviour. Should there be any suspected laundered money or terrorist property, the competent investigating authorities may need to go through the audit trail to reconstruct a financial profile of the suspect account. To enable this reconstruction, registered intermediaries should retain the following information for the accounts of their clients to maintain a satisfactory audit trail:

  • the beneficial owner of the account;
  • the volume of the funds flowing through the account; and
  • for selected transactions:
    • the origin of the funds;
    • the form in which the funds were offered or withdrawn (eg, cheques and demand drafts);
    • the identity of the person undertaking the transaction;
    • the destination of the funds; and
    • the form of instruction and authority.


Every reporting entity must ensure that all client and transaction records and information are made available on a timely basis to the competent investigating authorities. Where required by the investigating authority, they should retain certain records, such as client identification, account files and business correspondence for periods that may exceed those typically required under the relevant legislation, rules and regulations, including the Banking Regulation Act 1949, the RBI Act 1934, the SEBI Act 1992, and the rules and regulations framed under each of these and the PML Act.

The principal officer is under an obligation to supply information relating to suspicious transactions to the office of the director of the FIU no later than seven working days on being satisfied that the transaction is suspicious. Reporting entities should not put any restrictions on operations on the accounts where a suspicious transaction report has been made.

The principal officer must supply information in respect of cash transactions (individual or connected) in the amount of more than 1 million rupees, receipts by NPOs of more than 1 million rupees, counterfeit currency transactions and cross-border wire transfers of a value of more than 500,000 rupees every month to the office of the director of the FIU by the 15th day of the following month. Further, the principal officer must supply information relating to transactions in immovable property valued at more than 5 million rupees every quarter to the office of the director of FIU by the 15th day of the month following the end of a quarter (ie, April, July, October or January). Utmost confidentiality must be maintained in such filings and reporting as tipping off is prohibited.

Pursuant to the RBI KYC Master Directions and the SEBI AML Guidelines, the background – including all documents, office records, memoranda and clarifications – sought pertaining to transactions that deviate from the client’s normal activity and purpose thereof must also be examined, and findings should be recorded in writing. Further, those findings, records and related documents should be made available to auditors as well as to the RBI, the SEBI, the FIU and other relevant authorities during audit, inspection or as and when required. These records must be preserved for a period of at least five years.


Reporting of suspicious transactions

Any suspicious transaction (in the form of a detailed report that includes details of clients, transactions and the nature or reason of suspicion) must immediately be notified to the designated officer within the reporting entity. The principal officer and other related staff members are required to have timely access to client identification data and CDD information, transaction records and other relevant information. There have been some recent developments that may extend suspicious transaction reporting requirements to suspicious transactions involving employees of certain reporting entities as well.

To ensure that the registered intermediaries properly discharge their legal obligations to report suspicious transactions to the authorities, the principal officer acts as a central reference point in facilitating the reporting of suspicious transactions and for playing an active role in the identification and assessment of potentially suspicious transactions, Such an officer has access to and is able to report to senior management at the next reporting level or the board of directors.


UN designated list

Pursuant to a circular dated 23 October 2009, all banks, financial institutions and intermediaries are required to maintain an updated list of designated persons who are subject to UN sanctions measures and run a periodic check based on certain parameters to identify whether those persons have had any transactions with the intermediary. If, pursuant to the check, a client’s details match with the United Nations’ designated persons list, the intermediary is required to inform the joint secretary (Internal Security 1 Division) at the Ministry of Home Affairs, the Unlawful Activities (Prevention) Act 1967 Nodal Officer of the state where the account is held, the Nodal Officer of the SEBI and the office of the director of the FIU of the name and details of the client within 24 hours. If the details of the client match the details of a designated person beyond doubt, the bank, financial institution or intermediary is under an obligation to prevent the person from conducting financial transactions and to notify the joint secretary (Internal Secretary 1 Division) at the Ministry of Home Affairs. These transactions must also be included in the suspicious transaction reports submitted to the FIU in the prescribed format.

Privacy laws

Describe any privacy laws that affect record-keeping requirements, due diligence efforts and information sharing.

Under section 12 of the PML Act, every reporting entity is required to maintain certain records and disclose such information to the authorities under the PML Act.

The Information Technology Act 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (the Sensitive Information Rules) impose certain data protection obligations on the collection, storage and transmission in electronic format of information that is considered to be sensitive personal data or information.

The term ‘sensitive personal data or information’ is defined in the Sensitive Information Rules as personal information (ie, any information relating to a natural person that, in combination with information available or likely to be available with an entity, is capable of identifying the person) that comprises:

  • passwords;
  • financial information, such as bank account, debit card or credit card details;
  • an individual’s physical, psychological and mental health condition;
  • an individual’s sexual orientation;
  • medical records and history;
  • biometric information;
  • any details relating to the above as provided to the body corporate for providing a service; and
  • any information received relating to the above by the body corporate for processing or that is to be stored or processed under a lawful contract or otherwise.


The Sensitive Information Rules lay down practices and procedures that must be followed when collecting, storing and transferring sensitive personal data or information. The Sensitive Information Rules prohibit the sharing of sensitive personal data or information unless the person to whom the data or information pertains (ie, the data subject) has consented in writing to the sharing of the information, or the sharing of the information is necessary for the performance of the contract between the data subject and the body corporate that seeks to share the information. The Sensitive Information Rules, however, expressly permit the disclosure of sensitive personal data or information:

  • to the extent necessary to comply with legal obligations;
  • where a government agency that is mandated under law to obtain the information makes a request in writing for the information; and
  • pursuant to any order passed under law that is in force.


Accordingly, the storing and disclosure of information in terms of the PML Act should not be in violation of the Sensitive Information Rules. In addition, section 14 of the PML Act also provides that no civil or criminal proceedings may be initiated against a reporting entity for divulging records of transactions to the enforcement authorities under the PML Act in accordance with the provisions of section 12 of the PML Act.

An entity that collects, possesses or handles the personal information or sensitive personal data or information of the provider of the information is required to maintain a privacy policy for handling such information and must ensure that the privacy policy is available to the providers of the information in accordance with Rule 4 of the Sensitive Information Rules. The privacy policy must also be published on the website of the entity or any person on its behalf. The privacy policy must stipulate, inter alia:

  • the type of personal information or sensitive personal data or information collected; 
  • the purpose and usage of the information;
  • the details regarding disclosure of the information to third parties; and
  • the reasonable security practices and procedures followed by the body corporate to safeguard the personal information.
Resolutions and sanctions

What is the range of outcomes in AML controversies? What are the possible sanctions for breach of AML laws?

An offence of money laundering is punishable by a fine and imprisonment for a term of between three years and seven years. The maximum term of imprisonment may extend to 10 years if the proceeds of crime relate to an offence under the Narcotic Drugs and Psychotropic Substance Act 1985, which deals with crimes relating to narcotics. The availability of plea bargaining for offences under the PML Act is unclear.

Under the PML Act, fines ranging from 10,000 to 100,000 rupees for each failure can be imposed on a reporting entity if it has failed to maintain records or supply information in the manner prescribed under the PML Act and the PML Rules.

In addition, although the PML Act and PML Rules do not provide for the revocation of licences of reporting entities, this may be possible based on the circulars relating to KYC and AML issued by the regulators of the reporting entities. The RBI KYC Master Directions were issued by the RBI under section 35A of the Banking Regulation Act 1949 (which empowers the RBI to issue such general or specific directions as it may deem fit), as well as under the PML Rules. Section 35A of the Banking Regulation Act 1949, read with section 22, provides that, if a banking company does not comply with a direction validly issued by the RBI, the RBI has the power to revoke the banking licence of the banking company. Accordingly, if a banking company fails to comply with the provisions of the RBI KYC Master Directions, the RBI may be empowered to revoke the licence of the banking company.

Similarly, sections 45K and 45L read with section 45IA(6) of the RBI Act 1934 provide that, if an NBFC fails to comply with the provisions of a direction issued by the RBI – including, for instance, the RBI KYC Master Directions – the RBI is empowered to cancel the registration of the NBFC.

Section 11B of the SEBI Act 1992, inter alia, empowers the SEBI to regulate the securities market by any measures as it thinks fit and to cancel the licence of an intermediary for non-compliance with the directions issued by the SEBI, including, for instance, the SEBI AML Guidelines.

Limitation periods for AML enforcement

What are the limitation periods governing AML matters?

The PML Act does not specifically provide for a limitation period in relation to the offence of money laundering. However, section 468 of the CrPC specifies the limitation periods of various categories of offences in India. Under section 468, for an offence punishable with imprisonment for a term greater than three years, there is no limitation period. The CrPC defines the term ‘offence’ to mean ‘any act or omission made punishable by any law for the time being in force’. Consequently, the offence of money laundering under the PML Act constitutes an offence within the meaning of the CrPC. Given that the offence of money laundering is punishable with a term of imprisonment of between three and 10 years, in accordance with the provisions of section 468 of the CrPC, there is no limitation period for the offence of money laundering.

Further, under section 468 of the CrPC, if two or more offences are being tried together, the limitation period for each offence will be determined with reference to the offence that is punishable with the most severe punishment. Thus, if a person is prosecuted simultaneously for a scheduled offence punishable by imprisonment for a term of less than three years together with the offence of money laundering under the PML Act (which is punishable with imprisonment for three or more years), even if the limitation period for the underlying scheduled offence may have expired when considered independently, the accused person may still be tried for the scheduled offence in light of section 468 of the CrPC, given that the limitation period in such a scenario for both offences would be determined based on the offence of money laundering and not the scheduled offence.


Do your jurisdiction’s AML laws have extraterritorial reach?

The PML Act applies to the whole of India; however, its application is not restricted to proceeds of crime situated in India. The term ‘proceeds of crime’ is defined under the PML Act to include any property or assets, wherever located, that is derived from, arises out of or is obtained as a result of any criminal activity related to any of the scheduled offences. The PML Act envisages the attachment and confiscation of equivalent assets in India where the proceeds of crime have been taken or held outside India. Further, such a right of attachment also extends to property (equivalent to the proceeds of crime) held outside India.

To give effect to this limited extraterritorial application in the context of certain specified offences that may be committed abroad (which also constitute scheduled offences if committed in India) but the proceeds of which may have been remitted to India, section 56 of the PML Act empowers the central government to enter into reciprocal arrangements with the government of any country outside India for enforcing the provisions of the PML Act. This also applies to where the scheduled offence may have been committed in India but the proceeds of the crime are remitted abroad. This also allows for the exchange of information for the prevention of any offence under the PML Act or under the corresponding law in force in that country, or for investigation under the PML Act.

The PML Act also contemplates offences of cross-border implications, which are:

  • offences committed or related to conduct outside India that constitute an offence in that jurisdiction and are scheduled offences under the PML Act, and a part of or all the proceeds of crime arising from such conduct are remitted to India; or
  • scheduled offences committed in India, and part of or all the proceeds of the crime have been transferred or have been attempted to be transferred from India to a place outside India.


Offences of cross-border implications are scheduled offences under the PML Act and, accordingly, the PML Act may be applicable to those offences.

Further, UN Security Council Resolution 1373 (2001) obliges countries to freeze without delay the funds or other assets of:

  1. persons who commit, or attempt to commit, terrorist acts, or participate in or facilitate the commission of terrorist acts;
  2. entities owned or controlled directly or indirectly by point (1); and
  3. persons and entities acting on behalf of, or at the direction of, point (1) or (2), including funds or other assets derived or generated from property owned or controlled, directly or indirectly, by those persons and associated persons and entities.


Each country has the authority to designate the persons and entities that should have their funds or other assets frozen. Additionally, to ensure that effective cooperation is developed between countries, countries should examine and give effect to, if appropriate, the actions initiated under the freezing mechanisms of other countries. To give effect to the requests of foreign countries under UN Security Council Resolution 1373 (2001), the Ministry of External Affairs will examine the requests made by foreign countries and forward it electronically, with their comments, to a designated officer for the freezing of funds or other assets. Freezing orders take place without prior notice to the designated persons involved.