FIU

Obligations for Maintenance of Records under PMLA- FIU-IND

Page Contents

Obligations for Maintenance of Records under PMLA – FIU-IND

Under Section 12 of the Prevention of Money Laundering Act, 2002 (PMLA), every reporting entity is required to maintain records of all transactions in a manner that enables the reconstruction of individual transactions. This ensures that the information can be used for analysis and investigation if required. These obligations are outlined in more detail under Rule 3 of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005.

Definition of Records under Prevention of Money Laundering Act

According to Section 12(1), records include books, documents, and transactions stored in electronic form (e.g., computers or any prescribed format). & these records must be easily accessible for reconstruction and examination in case of an investigation or inquiry.

obligation-under-pmla-FIU IND

What are key requirements for maintenance of records after FIU-IND registration?

Transaction Records: Reporting entities must maintain records of all transactions, including:
- Cash transactions exceeding ₹10 lakh or its equivalent in foreign currency.
- Series of cash transactions below ₹10 lakh but aggregating to more than ₹10 lakh within a month.
- Transactions involving non-profit organizations exceeding ₹10 lakh.
- Transactions involving forged or counterfeit currency or valuable securities.
- Suspicious transactions, irrespective of whether they involve cash.
- Cross-border wire transfers exceeding ₹5 lakh or equivalent in foreign currency.
- Purchase or sale of immovable property worth ₹50 lakh or more, registered by the reporting entity.
Identity Records: Reporting entities must also maintain documentation evidencing the identity of their clients and beneficial owners, as well as records of account files and business correspondence relating to clients.
Retention Period: Transaction records should be maintained for five years from the date of the transaction. and Documents evidencing client identity: These should be kept for five years after the end of the business relationship or the closure of the account, whichever is later.

What Constitutes a Suspicious Transaction under PMLA?

A suspicious transaction under Rule 2 of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 can include any transaction or attempted transaction that raises reasonable suspicion. Suspicious transactions include:

Reasonable grounds for suspicion that the transaction may involve proceeds of a crime.
Transactions made under unusual or unjustified complexity.
The Transactions that appear to lack economic rationale or bona fide purpose.
Transactions that reasonably suspect financing of terrorism, including those linked to terrorist acts or organizations.

Records FIU

Reporting a Transaction under Both CTR and STR

A transaction can be reported under both Cash Transaction Report and Suspicious Transaction Report. For instance, if a cash transaction exceeds the prescribed threshold (e.g., ₹10 lakh) and has elements that raise suspicion (e.g., irregular or unexplained sources), it should be reported both under Cash Transaction Report and Suspicious Transaction Report.

Summary of Travel Rule Data Requirements (Originator & Beneficiary REs)

Travel Rule – Roles and Responsibilities

Aspect	Originating Reporting Entity (RE)	Beneficiary Reporting Entity (RE)
Submission of Originator Information	Mandatory – must submit required originator information to the beneficiary RE	Mandatory – must obtain originator information from the originating RE
Verification of Originator Information	Must verify accuracy as part of its Client Due Diligence (CDD) process	May rely on verification done by originating RE but must ensure data consistency
Submission of Beneficiary Information	Mandatory – must submit required beneficiary information to the beneficiary RE	Mandatory – must obtain beneficiary information from originating RE
Verification of Beneficiary Information	Must monitor transaction to ensure no suspicious activity arises	Must independently verify beneficiary information received
Record Keeping	Must obtain and retain originator and beneficiary information	Must obtain and retain originator and beneficiary information
Sanctions Screening	Must screen beneficiary to ensure the beneficiary is not a sanctioned person/entity	Must screen originator to ensure the originator is not a sanctioned person/entity
Transaction Monitoring	Must monitor transactions and report to FIU-IND if suspicion arises	Must monitor transactions and report to FIU-IND if suspicion arises
Suspicious Transaction Reporting	Mandatory reporting where suspicion is detected	Mandatory reporting where suspicion is detected

Data sharing under the Travel Rule is mandatory, not optional. Originating RE is primarily responsible for collecting and verifying originator information. Beneficiary RE must ensure that information received is complete, consistent, and usable. Both REs must maintain records, conduct sanctions screening, and monitor transactions for suspicious activity.

Suspicious Transaction Report (STR)

Obligation to Report

In accordance with Rule 7(2) and Rule 8(2) read with Rule 3(1)(D) of the PMLR, every Reporting Entity (RE) shall promptly report suspicious transactions, including attempted suspicious transactions, identified through transaction monitoring systems, to FIU-IND.

Alerts and Red Flag Indicators under Suspicious Transaction Report

An alert is the first step in identifying a suspicious transaction and acts as a red flag triggered by potentially suspicious activity. REs shall put in place robust systems and processes to generate alerts based on predefined Red Flag Indicators (RFIs). The design and implementation of RFIs, including minimum alerts and parameters, shall be aligned with guidance issued by FIU-IND from time to time under Rule 7(3) of the PMLR.

Format and Quality of Suspicious Transaction Report

The format for reporting suspicious transactions (including attempted transactions), as required under Rule 7(3) and Rule 8(2) of the PMLR, shall be as prescribed by FIU-IND from time to time. All STRs submitted to FIU-IND shall contain complete, accurate, and meaningful information, including Client KYC details, Wallet addresses, Transaction details, Counterparty information, Grounds for suspicion, and Any other relevant information.

Due Diligence and Quality of Suspicious Transaction Report

Identification and reporting of STRs is a serious statutory obligation under the PMLA. REs shall ensure that every STR is filed only after due application of mind and necessary diligence. To ensure high-quality STR reporting, REs shall effectively leverage all available data, including KYC and CDD information, Transactional data, Technical and metadata information, IP addresses and device identifiers, and Behavioral patterns and risk indicators. REs are expected to make genuine and sustained efforts to file high-quality STRs, which are a critical tool for detecting, deterring, and investigating illicit financial activities.

No Threshold for Suspicious Transaction Report Filing

REs shall file an STR irrespective of the transaction amount or any threshold limit, if there are reasonable grounds to believe that the transaction involves Proceeds of crime; or Financing of terrorism.

Prohibition on Tipping-off

In accordance with Section 12(2) and Section 12A(3) of the PMLA, read with Rule 8(6) of the PMLR, REs, including their Directors, Officers, and Employees (permanent and contractual) shall ensure that The fact of maintaining records; and The furnishing of information to FIU-IND is kept strictly confidential. The prohibition on tipping-off applies before, during, and after the filing of an STR. REs shall ensure that no information relating to STRs or related actions is disclosed to the client or to any unauthorized person at any level.

Submission of Other Reports to FIU-IND

REs shall submit a Monthly Report to FIU-IND in the form, manner, and within timelines prescribed by FIU-IND from time to time. The Monthly Report shall include, in a consolidated manner Key metrics and activity indicators, Compliance status, Reporting statistics, and Any other information as specified by FIU-IND. Regulatory Emphasis on STR filing is substance-based, not amount-based, Confidentiality is absolute, Quality of reporting matters as much as timeliness

FIU-IND Registration Checklist for VDA Service Providers (VDA SPs)

FIU IND Registration Eligibility & Applicability

Entity engaged in notified VDA activities under Notification S.O. 1072(E) dated 07-03-2023
Activities are business-based, irrespective of physical presence in India
The entity qualifies as a Reporting Entity (RE) under PMLA & PMLR

Pre-Registration Preparation for FIU-IND Registration

Appointment of Designated Director (DD)
Must Appointment of Principal Officer (PO)
Internal AML/CFT/CPF Policy approved by the board/partners
Risk-Based Approach (RBA) framework documented
KYC, CDD, transaction monitoring, and Sanctions Screening systems in place

Online Registration of FIU-IND Registration (FINGate Portal)

Entity registered on FINGate portal :

Status shows “Awaiting Approval.”
Temporary Reference ID generated
Acknowledgement email received

Record Keeping Obligations under the PMLA

In accordance with Sections 12(1)(a) and 12(1)(e) of the PMLA, every Reporting Entity (RE) shall maintain and retain prescribed records relating to clients and transactions. The RE shall ensure that All records and documents are securely preserved; and No records are destroyed or altered during the mandatory retention period.

Measures to be Taken under the PMLA

The following measures shall be implemented for the maintenance, preservation, and availability of records:

a) Client Identification Records : REs shall maintain and preserve records relating to client identification and address details obtained at the time of onboarding and during the business relationship for a minimum period of five years after the account or business relationship is closed.

b) Transaction Records : REs shall maintain and preserve complete records of all transactions for a minimum period of five years from the date of the transaction.

c) Records Related to Investigations or Disclosures : Where records relate to Ongoing investigations; or Transactions that are the subject of disclosures to FIU-IND, such records shall be retained until confirmation is received that the case has been closed. Wherever practicable, REs shall Retain relevant client identification documents; and Report any suspicious transactions in accordance with the PMLA and PMLR.

d) Transaction Reconstruction Capability : REs shall maintain sufficient information to enable reconstruction of individual transactions, including:

i. Nature and purpose of the transaction;
ii. Amount and type of Virtual Digital Asset (VDA) and/or fiat currency involved, if any;
iii. Date of the transaction;
iv. Parties to the transaction (originator and beneficiary); and
v. Any other information required for Travel Rule compliance.

e) Record Retention and Retrieval System : REs shall implement a robust record management system with clearly defined procedures for Retention, Maintenance, and Preservation of all transaction and account records as required under the PMLA, PMLR, and these Guidelines. The system shall ensure that records Can be retrieved easily and promptly, and Are made available to competent authorities whenever required.

f) Audit Trails and Data Integrity : REs shall preserve complete audit trails in a tamper-proof manner, including Verification responses, Time stamps, Authentication logs, and System access logs, to ensure data integrity, traceability, and regulatory audit readiness. Regulatory Focus Areas Minimum five-year retention is mandatory, Records must support transaction reconstruction and Tamper-proof audit trails are critical, Prompt availability to FIU-IND and law enforcement is essential

Documents & Information to be Submitted for FIU-IND Registration

Business & Ownership

Note on nature of services and mapping to notified VDA activities
Corporate structure note with organogram
Significant Beneficial Ownership (SBO) details

Statutory & Financial Records

Incorporation documents (MCA)
Annual Returns, BS & P&L – last 3 financial years
Registered office / principal place of business details

Tax & GST Compliance

GST registration certificates (all States/UTs)
required GST returns—last 3 financial years
Income-tax Returns
TDS Forms 26Q / 26QF / 26QE (VDA transactions)

Contracts & Business Relationships

Agreements with exchanges, brokers, custodians, intermediaries, VDA SPs
Brief scope note for each agreement
PACT certificates from FIU-IND registered VDA SPs (where applicable)

Declarations & Questionnaires

Self-declaration – no criminal / law enforcement proceedings
Duly filled FIU-IND AML/CFT/CPF Questionnaire

Cybersecurity & Technology

under the Cyber Security Audit Certificate from CERT-In empanelled auditor
Compliance with CERT-In Directions dated 28-04-2022
Audit covers KYC, AML systems, wallets, APIs, cloud, incident response

In-Person Meeting Readiness

All documents submitted at least 15 days in advance
DD & PO availability confirmed (mandatory)
Live demo readiness of:
KYC & CDD systems
Transaction Monitoring
Blockchain Analytics
Travel Rule compliance
Sanctions screening tools

Registration Outcome

FIU-IND due diligence completed
Approval granted by Director, FIU-IND
FIU Reporting Entity ID (FIU RE-ID) issued

Penalty for Non-Compliance: Maintenance of Records under PMLA

Non-registration attracts action under Section 13(2) of PMLA, FIU-IND may deny or cancel registration for non-compliance, Obligations are activity-based, not location-based. Failure to comply with the record-keeping obligations under PMLA may result in penalties. As per Section 13: The Director of FIU-IND may issue:

- Written warnings.
- Specific instructions for compliance.
- Directions to send periodic reports on compliance efforts.
- Monetary penalties, ranging from ₹10,000 to ₹1 lakh for each failure.

This serves as a strong deterrent against non-compliance and highlights the importance of maintaining records in accordance with the law.