FATF’s new findings on AML/CFT compliance in India

India has come a long way since the last round of Mutual Evaluation

FATF announced further improvements in India’s AML/CFT regime in its latest MER, which was based on an onsite inspection in November 2023 and published in September 2024. India achieved strong technical ratings for compliance with FATF Standards. The nation was rated as ‘compliant’ or ‘largely compliant’ with 37 of the 40 Recommendations. Partial compliance was achieved in relation to non-profit organisations (R.8), politically exposed persons (R.12), and regulation and supervision of designated non-financial businesses and professions (R.28).

India achieved a ‘substantial’ level of effectiveness in six areas, including international cooperation, preventing misuse of legal structures, and implementing targeted financial sanctions related to proliferation. However, India was found to have only a ‘moderate’ level of effectiveness in AML/CFT supervision (IO.3). The nation also reached only a ‘moderate’ level of effectiveness in ML/TF preventative measures and financial sanctions implementation (IO.4 & IO.10), and in ML/TF investigation and prosecution (IO.7 & IO.9).

FATF found that, overall, India’s AML/CFT regime is effective and achieving “good” results in areas including risk understanding, use of financial intelligence for investigations, and confiscating illicit assets. Assessors noted that, since 2020, Indian authorities have further stepped-up efforts to counteract financial crime. These include increased money laundering investigations, improved timelines for incoming mutual legal assistance requests, and implementing a new mechanism for targeted financial sanctions to counteract proliferation financing.

However, gaps in risk mitigation measures by Indian FIs remain

FATF assessors determined that Indian financial institutions (FIs) generally demonstrated a “good” understanding of their AML/CFT obligations. The compliance efforts highlighted include applying enhanced measures for higher-risk countries, leveraging new technologies, sanctions screening, and information sharing within financial groups.

“Most of them have put in place comprehensive systems to monitor business relationships and transactions. In many cases, the systems include predefined parameters that consider red flags indicators identified by FIU-IND as well as the entity’s own risk indicators (when those have been developed).”

FATF assessors identified some variations in risk mitigation measures across Indian financial institutions. They noted that larger banks and more tech-driven FIs had more “comprehensive” procedures and “stronger” application of risk mitigation measures. However, an ongoing area requiring improvement is in risk profiling of customers.

“Supervisory findings identified that the risk profiling matrix of some FIs was not extensive or precise enough to capture the ‘true’ risk of clients. Larger banks appear to have more robust procedures in this regard,” assessors remarked. “However, some FIs do not appear to have procedures in place to risk rate their products and services and only risk rank clients.”

The report also identified mixed results in customer due diligence (CDD) record-keeping, along with “inconsistencies” in the breadth of domestic politically exposed persons (PEPs) being identified. It recommended that FIs “update CDD information on the basis of risk, and where required, shorten the time to update high, medium and low risk clients”.

Assessors expressed concern that the requirement to identify beneficial ownership (BO) in case of control by other means or more complex corporate structures “seems to represent a challenge for many FIs”. They highlighted concerning supervisory findings on BO identification and verification within the financial sector. “BO identification was one of the major deficiencies identified by RBI from inspections of commercial banks, while CDD/KYC failures was on the main violations found in inspections of (non-bank) foreign exchange dealers.”

Assessors concluded that “it is not clear if CDD of all FIs had been sufficiently robust enough to identify persons excising control or acting on behalf of the customer.”

The Reserve Bank of India (RBI) published in October 2024 guidance for regulated entities on internal ML/TF risk assessments.

Calls for greater penalties over AML/CFT failings

In the report, FATF called for greater use of monetary penalties against Indian financial institutions with AML/CFT deficiencies. “Monetary penalties, when imposed, are generally not proportionate or dissuasive, in particular for larger firms,” it stated.

Assessors found that India’s FI supervisors mainly addressed AML/CFT breaches with “educative measures”. The Reserve Bank of India (RBI) has, on selected occasions, imposed business restrictions that “appear dissuasive”. These include prohibiting the onboarding of new customers and withdrawing licences for money or value transfer services (MVTS).

The report raised concerns over the value of fines imposed by supervisors for “at least moderate violations” of AML/CFT rules. The RBI issued average monetary penalties of $87,000 to commercial banks, $4,350 to cooperative banks and $8,700 to NBFCs. “The enforcement department’s decision on the significance of the fine appears to be driven on the materiality of failure relative to the size of the institution, rather than a refined consideration of its potential impact,” assessors said.

The AML/CFT failings penalised included inadequate systems for monitoring suspicious transactions, poor customer risk categorisations, and insufficient CDD. In some instances, there were repeated compliance breaches across supervisory cycles, “raising questions on the overall dissuasiveness of the remedial actions applied”.

FATF assessors remarked that, while most FI supervisors (including the RBI) have the power to also sanction responsible individuals by removing key managerial personnel, “the practice has been only sanctioning the entities”. The report recommended that this power “should be considered to improve the dissuasiveness of the [AML/CFT] regime, in particular in case of serious violations”.

The report concluded that “all FI supervisors should ensure that the full range of sanctions are used by FIs supervisors” and that these should be “proportionate and dissuasive, consistent with the seriousness and impact of the specific failures”.

Recent AML/CFT fines by Indian regulators

Indian financial regulators issued dozens of monetary penalties to FIs in recent months. Among the highest of these was a $2.16 million (₹18.2 crore) fine by FIU-IND to a virtual digital asset service provider in June 2024 over failures in monitoring, recording, and reporting suspicious transactions.

A payments bank with multiple AML/CFT compliance violations received two separate fines and was ordered to wind down operations. The RBI and India’s financial intelligence unit (FIU-IND) issued fines of $599,000 (₹5.39 crore) and $600,000 (₹5.49 crore) in October 2023 and March 2024, respectively. The bank’s compliance failings included beneficial ownership identification, suspicious transaction monitoring, customer risk profiling, and ongoing due diligence.

In November 2023, the RBI fined a global bank $595,000 (₹5 crores) for outsourcing reviews of AML alerts to a group company. The bank has been fined multiple times in the past 13 years for various compliance violations, including KYC account opening failures that resulted in fraud.

Top priorities for improving AML/CFT compliance

FATF assessors indicated that FIs which leverage technology well seem to better manage their AML/CFT compliance risks. Best-in-class regulatory technology incorporates data analytics and automation to help FIs better detect suspicious actors and transactions. FIs that leverage configurable software can improve customer screening, enhance decision making, strengthen operational efficiency, reduce risks, and boost compliance ratings. Our AML Playbook provides an overview of the key areas of focus for Asia-Pacific businesses seeking to boost compliance with FATF Standards.

LexisNexis® Risk Solutions provides a suite of innovative technologies that support financial crime compliance. This includes comprehensive data services which enable up-to-date screening for sanctions, PEPs, adverse media coverage, trade finance, and enforcement actions worldwide. Our expert content is maintained by a team of researchers, who regularly review 35,000+ trusted sources in more than 50 languages to deliver detailed profiles of more than six million individuals and entities around the world. We also provide professional advisory services to ensure software implementations are configured to align with organisational requirements and optimised to enable maximum efficiency.

To learn more about how RegTech can strengthen your firm’s AML/CFT compliance, contact us today.