Last Updated on: 15th July 2026 | Last Reviewed on: 15th July 2026
Key takeaways briefly
- Who is covered: an individual who holds a certificate of practice under section 6 of the Company Secretaries Act, 1980, whether practicing individually or through a firm, when carrying out a notified financial transaction for a client (a “relevant person” under the notification by Ministry of Finance).
- The trigger: carrying out any of the five specified financial transactions for a client, including the creation, operation or management of companies, LLPs or trusts, organising contributions for company creation, and the buying and selling of business entities, but also managing client money, securities or accounts and dealing in immovable property, acts as the trigger to be covered under the PMLA.
- Governing laws: the PMLA, 2002 and the PML (Maintenance of Records) Rules, 2005; the AML/CFT Guidelines for ICAI, ICSI and ICMAI professionals, 19 June 2023; the UAPA 1967 (Section 51A) and the WMD Act, 2005 (Section 12A).
- Supervisor: The Institute of Company Secretaries of India (ICSI). Reports go to the Financial Intelligence Unit – India (FIU-IND); the Enforcement Directorate (ED) enforces the PMLA.
- Core duties: registration with FIU-IND, an internal risk assessment, customer due diligence and KYC, beneficial-owner identification, ongoing monitoring, suspicious transaction reporting, five-year record-keeping and sanctions screening.
This guide is general information on Indian law, not legal advice. For your profession’s specific position, speak to a qualified AML professional.
A company secretary in practice becomes a reporting entity under the Prevention of Money-Laundering Act, 2002 only when carrying out certain specified financial transactions on behalf of a client, as notified by the central government.
It is the nature of the activity, rather than the professional status or the routine secretarial, governance or filing work undertaken in practice, that determines reporting entity status. Once a member holding a certificate of practice undertakes one of the notified transactions, such as forming or managing a company, LLP or trust, or arranging specified financial or corporate transactions, the AML, CFT and CPF obligations apply. These obligations arise primarily from the PMLA, the PML (Maintenance of Records) Rules, 2005, and are further supported by the AML and CFT Guidelines issued jointly for the ICAI, ICSI and ICMAI professionals, the UAPA, the WMD Act and the reporting framework prescribed by the FIU-IND.
The core instruments at a glance
| Instrument | What it does for a CS in practice |
| PMLA, 2002 | The parent Act. Makes a relevant person a reporting entity and creates the core duties of CDD, record-keeping and reporting. |
| PML (Maintenance of Records) Rules, 2005 | Set out what to report and when, how to identify clients and beneficial owners, and the duty to appoint officers. |
| Notification S.O. 2036(E), 3 May 2023 | The notification that lists the specified financial transactions and defines the relevant person as the certificate of practice holder. |
| AML/CFT Guidelines for ICAI, ICSI, ICMAI (19 June 2023) | The relevant person’s working rulebook, issued jointly for the three professions. |
| UAPA Section 51A and WMD Act Section 12A | Impose targeted financial sanctions for terrorism and proliferation financing on a relevant person. |
| FATF Recommendations 22 and 23 | The international standards for DNFBPs that India’s professional regime is built to meet, supported by the FATF accounting-profession guidance of 2019. |
When is a company secretary covered by the PMLA?
The money laundering obligations apply to a company secretary only when, acting in practice and on behalf of a client, the member carries out one of five specified financial transactions. The specified transactions include creation, operation or management of companies, limited liability partnerships or trusts; buying and selling of business entities; organising contributions for the creation, operation or management of companies; management of client money, securities, bank account, savings account, securities account or other assets; and buying or selling any immovable property. For a company secretary, the first two transactions are ones most likely to arise, because company and LLP formation and the administration of corporate vehicles are core duties of the profession.
Secretarial audit, board and general-meeting support, ROC and MCA filings, governance advisory and ordinary compliance certification by themselves do not make a practising CS a reporting entity. Only when the individual undertakes a notified transaction such as the formation, operation or management of a company, LLP or trust for a client, they fall within the ambit of AML law.
These activities are treated as higher risk as corporate vehicles are precisely the structures used to obscure the ownership of illicit funds. A member who does not undertake such work is not a reporting entity on this basis, but the moment it is undertaken, the full set of measures applies.
Are company secretaries reporting entities under the PMLA?
Yes, when they undertake notified transactions and further act as a relevant person. The Prevention of Money-Laundering Act, 2002 creates the offence of money laundering and places core duties on reporting entities. A company secretary in practice becomes a reporting entity under section 2(1)(wa) because the specified financial transactions were notified under the residual sub-clause (vi) of section 2(1) (sa) by notification S.O. 2036(E) of 3 May 2023, and a certificate of practice holder is a relevant person for that notification.
The certificate holder acting as a relevant person must register with FIU-IND and run an AML programme proportionate to their practice. This places a practising company secretary within the same broad group of reporting entities that file with FIU-IND alongside banks, financial institutions and other professionals. As the certificate holder’s core service involves building corporate structures, they face risks associated with the misuse of shell companies, and consequently become part of the wider group of DNFBPs subject to the PMLA.
Supervisory authority for company secretaries in India
The supervisor for company secretaries is their own statutory body, the Institute of Company Secretaries of India (ICSI). It grants a certificate of practice, regulates the professional conduct of its members and oversees compliance with the obligations of the profession.
A relevant person files all the prescribed reports with the Financial Intelligence Unit – India, which receives, analyses and disseminates them, while the Enforcement Directorate investigates and prosecutes the offence of money laundering under the PMLA.
Onboarding clients without a documented due-diligence process?
AML India can put client due diligence, beneficial-ownership checks and suspicious-transaction reporting in place for your practice, keeping you audit-ready without slowing your engagements down.
AML Regulatory Requirements for Company Secretaries in India
AML framework of India for reporting entities is a layered statutory structure. It is best understood by grouping the applicable instruments. The core legislation, the overarching obligations, the sectoral supervisor and its guidelines, the miscellaneous official reports, the international standards, and the allied laws.
Core Legislation
The primary statutes and rules that create the AML, CFT and CPF obligations, grouped into three sub-sets.
AML Legislation
Prevention of Money-Laundering Act, 2002 (PMLA)
India’s parent anti-money laundering statute and the source of a relevant person’s reporting entity status. It defines the offence of money laundering and prescribes the set of preventive measures, customer due diligence under Section 11A and record-keeping under Section 12, that a company secretary must apply whenever a notified financial transaction is carried out for a client. The Act reaches the profession because forming and administering companies, LLPs and trusts is exactly how ownership can be layered and disguised, lending a corporate structure a shield of legitimacy.
The PML (Maintenance of Records) Rules, 2005 (PMLR)
The operational rulebook made under the PMLA, and the principal instrument that a relevant person applies when undertaking the notified transactions on behalf of a client. It instructs what to report and within what timeline (Rule 3 and Rule 8), the procedure to identify clients and beneficial owners (Rule 9), the duty to appoint a Principal Officer and Designated Director (Rule 7), and, under Rule 7(3), the requirement to establish a mechanism to detect suspicious transactions. The PMLR has been amended through 31 Gazette notifications and orders, set out below as a legal history timeline.
| Gazette notification and date | Key change or rule touched |
| G.S.R. 389(E), 24 May 2007 | The very first amendment to the 2005 Rules. It broadened the Rule 2 concept of a suspicious transaction to cover dealings without economic rationale or bona fide purpose and those suggesting terrorism financing, revised Rule 3 around cash dealings in forged or counterfeit currency, substituted Rule 8 on furnishing information to the Director and eased the Rule 9 obligation from requiring three certified copies to a single one. |
| G.S.R. 816(E), 12 November 2009 | It brought in the definitions of non-profit organisation and Regulator, revised the meaning of a suspicious transaction, and prescribed the reporting of NPO receipts above Rupees 10 lakh. It fixed a ten-year retention period under Rule 6 and amended Rule 9 to insist on beneficial owner identification, ongoing due diligence. |
| G.S.R. 76(E), 12 February 2010 | Amended Rules 3, 4, 5, 7 and 9 to strengthen record-keeping and the reporting references. Inserted the first Explanation in Rule 9(1A), defining the beneficial owner as the natural person who ultimately owns or controls a client or on whose behalf a transaction is undertaken. |
| G.S.R. 508(E), 16 June 2010 | Revised Rules 2, 9 and 10. Inserted explanation relating to terrorism financing in rule 2. revised how a reporting entity identifies clients and what it must hold, part of the ongoing 2010 tightening of the CDD and records regime. |
| G.S.R. 980(E), 16 December 2010 | Inserted the small-account regime. It defined the Designated Officer and the small account, added the NREGA job card and the Aadhaar letter to the officially valid documents in Rule 2, and inserted Rule 9(2A) on how such an account is opened and monitored. |
| G.S.R. 481(E), 24 June 2011 | Granted the short title. Through Rule 1 it abbreviated the unwieldy 2005 name to the Prevention of Money-Laundering (Maintenance of Records) Rules, the PMLR shorthand relied on since. |
| G.S.R. 576(E), 27 August 2013 | Amended Rules 2 and 3 and inserted provisions after Rule 10, dealing with definitions, the cash and suspicious transaction reporting duties and the record framework so they fit the reporting obligations more neatly. |
| G.S.R. 288(E), 15 April 2015 | Revised the Rule 2 definitions. Since definitions settle who and what the operative rules capture, the change spread through the framework and began a run of 2015 updates. |
| G.S.R. 544(E), 7 July 2015 | Amended Rules 2, 9 and 10 on definitions, know your customer and record-keeping, clarifying how a reporting entity identifies clients and what it holds, within a substantial 2015 overhaul of the KYC and records provisions. |
| G.S.R. 730(E), 22 September 2015 | Revised Rules 2 and 7. Inserted explanation for the name change supporting document in consideration of officially valid document. And mentioned the issuer and director for the rule 7 clauses. |
| G.S.R. 882(E), 18 November 2015 | Amended the timeline under Rule 9A in which the central government was obligated to set up central KYC records registry for all reporting entities to store and retrieve the copies of KYC records. |
| G.S.R. 347(E), 12 April 2017 | Revised Rule 2 and inserted Rule 9B, drawing the Central KYC Records Registry into the Rules, creating the duty to file client KYC records centrally and the basis to reuse them, the structural addition behind today’s CKYCR. |
| G.S.R. 538(E), 1 June 2017 | Amended Rules 2 and 9 to embed Aadhaar in customer due diligence, prescribing Aadhaar-based identification and authentication for KYC, an approach later reshaped by the Supreme Court’s Aadhaar ruling. |
| G.S.R. 1038(E), 21 August 2017 | Returned to the Rule 2 definitions, resetting the defined terms that govern how the operative rules apply, among several definition updates in 2017. |
| G.S.R. 1318(E), 23 October 2017 | Omitted a sub clause and added a new proviso under Rule 2 clause d regarding the relevancy of proof of address issued by government authority. |
| G.S.R. 456(E), 16 May 2018 | Inserted and substituted clauses under Rule 9 regarding the implementation CDD programme and what shall guidelines specified include. |
| G.S.R. 1078(E), 31 October 2018 | Amended the timeline for filing of electronic records of client’s CDD to CKYC registry within 10 days instead of 3 under Rule 9. |
| G.S.R. 108(E), 13 February 2019 | Revised Rules 2 and 9 on definitions and customer due diligence, after the legislative changes to Aadhaar use, and reset the ways identification could be conducted. |
| G.S.R. 381(E), 28 May 2019 | Revised Rule 9, firming up the identification and verification process and the routes to confirm a client’s identity, part of the post-Aadhaar reshaping of CDD. |
| G.S.R. 582(E), 19 August 2019 | Revised Rules 2 and 9 and inserted provisions after Rule 11, covering definitions, customer due diligence and the supporting provisions on information and records, one of the broader 2019 revisions. |
| G.S.R. 669(E), 18 September 2019 | Amended Rules 2 and 9 again, finalising the definitions and the customer due diligence process within the 2019 run of CDD amendments. |
| G.S.R. 840(E), 13 November 2019 | Revised Rule 9 with further refinements to the identification and verification requirements, ending the 2019 run of CDD changes. |
| G.S.R. 228(E), 31 March 2020 | Amended the operational timeline of the small accountants for the year 2020 and further as notified by the central government. |
| G.S.R. 251(E), 13 April 2020 | Revised Rule 8, which governs the furnishing of transaction reports to the FIU, firming up the manner and content of what a reporting entity submits. |
| G.S.R. 254(E), 16 April 2020 | A follow-up Rule 8 amendment days after the previous one, together reinforcing the reporting provisions and the route by which reports reach the FIU. |
| G.S.R. 798(E), 28 December 2020 | A turning point in widening the regime. Read with G.S.R. 799(E) and 800(E) of the same day, it designated real estate agents and dealers in precious metals and stones and named their regulator, beginning the extension to non-financial businesses that the 2023 notifications later brought to the professions. |
| G.S.R. 575(E), 13 July 2022 | Brought in the International Financial Services Centre definition with a bespoke beneficial owner provision for entities based in an IFSC and added an IFSC proviso to Rule 9A on the CKYCR, adapting the Rules to the GIFT City regime. |
| S.O. 1074(E), 7 March 2023 | A major change of direct relevance to company work. It added definitions of politically exposed persons, non-profit organisations and group and a Rule 3A duty for group-wide AML policies and lowered the company beneficial ownership threshold from 25 to 10 per cent, with a matching change to Rule 9(3)(e), so a member must look deeper into who owns a corporate client. |
| G.S.R. 652(E), 4 September 2023 | The second major 2023 amendment. It mandated the Principal Officer to be at management level, lowered the partnership beneficial-ownership threshold from 15 to 10 per cent, added an Explanation of control, obliged trustees to disclose their status, and required the results of any Rule 3 and Rule 9 analysis to be kept among the records. |
| G.S.R. 745(E), 17 October 2023 | Amended Rules 2, 3, 8 and 9 together, covering definitions, the group-wide policies and programmes and tipping off. Refined several operative provisions in a single notification and completing the 2023 changes. |
| G.S.R. 419(E), 19 July 2024 | Revised Rule 9(1C) on the KYC Identifier and imposed a seven-day deadline to update a CKYCR record after any change, added a duty to fetch the updated record, and redrew Rule 9A(2)(g) on filing, retrieving and using registry records, firming up how current central KYC data is maintained. |
The PML (Manner of Receiving the Records Authenticated Outside India) Rules, 2005
A short set of rules on accepting client records authenticated outside India. For a company secretary they apply when a notified engagement involves an overseas promoter, a foreign shareholder or a non-resident settlor, and the identity and ownership documents relied on for a company or trust were executed and certified abroad rather than in India.
CFT Legislation
The Unlawful Activities (Prevention) Act, 1967 (UAPA)
India’s principal counter terrorism statute. Its Section 51A requires a relevant person to screen clients, promoters and beneficial owners against the designated terrorism lists and to freeze, without delay, the funds and assets of any listed person or entity. The duty attaches to each notified engagement a relevant person undertakes on behalf of a client.
Procedure for implementation of Section 51A of the UAPA (order dated 2 February 2021; corrigendum dated 15 March 2023)
A procedure followed by a relevant person to give effect to Section 51A when a client or the UBO matches a designated list. The joint AML and CFT professional Guidelines incorporate the screening and freezing steps into the compliance practice, converting the statutory order into a workable process.
CPF Legislation
The Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 (WMD Act)
India’s principal legislation for combating proliferation financing. Section 12A provides the legal basis for implementing targeted financial sanctions to prevent financing of weapons of mass destruction. It provides for a relevant person because a company or trust formed or administered for a client can be used to route value for a sanctioned network.
Procedure for implementation of Section 12A of the WMD Act (dated 1 September 2023)
The implementation procedure for Section 12A, which mirrors the Section 51A screening, identification and freezing steps but for proliferation financing designations. For a relevant person, it is applied through the AML and CFT joint Guidelines, ensuring terrorism and proliferation lists are both checked in the notified engagements.
The WMD and their Delivery Systems (Prohibition of Unlawful Activities) Implementation Rules, 2016
The subordinate rules that put the WMD Act into operation and support the list handling, freezing and reporting actions a relevant person must be able to carry out when a proliferation financing designation match arises when conducting screening.
Not registered with FIU-IND yet, or unsure whether you have to be?
AML India can confirm whether your firm qualifies as a reporting entity under the PMLA, complete your goAML registration and appoint your principal officer and designated director.
Overarching Obligations
The national framework that a relevant person adopts once a notified transaction is undertaken and the member is treated as a reporting entity.
CERSAI Central KYC Records Registry (CKYCR) Operating Guidelines, 2025
The national registry where a reporting entity uploads a client’s verified KYC record and can retrieve and reuse a record already uploaded by another reporting entity. For a company secretary, it is particularly useful where the same promoter is engaged across several corporate engagements. Accurate identification of beneficial ownership at the onboarding stage is what makes the registry useful and keeps KYC consistent.
FINnet 2.0 reporting formats (2024) and the FINGate 2.0 reports manual (June 2023)
The FIU-IND reporting platform, its 2024 reporting formats and the FINGate 2.0 user manuals through which a relevant person enrols as a reporting entity and files prescribed reports. Enrolling on the portal as a reporting entity is the practical first step once a member begins to carry out the notified transactions for clients.
Section 11A Aadhar authentication procedure for non-banking entities
The procedure by which an entity other than a banking company applies for permission to use Aadhaar authentication services for KYC. It applies to a certificate holder acting as a relevant person for conducting KYC and must obtain approval before verifying a client’s identity through Aadhaar.
Sectoral Framework
The professional supervisor and its instruments. This is the layer that gives the company-secretary regime its own character, because the member’s own institute, the ICSI, supervises compliance while FIU-IND receives the reports and ED undertakes investigations.
Institute of Company Secretaries of India (ICSI)
AML/CFT Guidelines for professionals with certificates of practice from ICAI, ICSI and ICMAI (19 June 2023)
The relevant person’s working rulebook, and the most important instrument on this page. Issued jointly for the professionals of the ICAI, ICSI and ICMAI. The Guidelines explain who is a relevant person, set out the duty to establish policies and procedures, customer due diligence and officially valid documents, beneficial owner identification, transaction monitoring and suspicious transaction reporting, record-keeping, the appointment of a Designated Director and a Principal Officer, and the implementation of Sections 51A and 12A. The guideline is the primary operational reference for the company secretary as it explains the obligations to be implemented.
PMLA Frequently Asked Questions for the professions
The guidance published for the relevant persons under the PMLA, which explains in practical terms when a certificate holder is a relevant person, which engagements are caught and how the obligations apply in practice. It is a useful companion to the joint Guidelines for everyday judgement, and a company secretary should read it alongside the guidance.
Notification designating the professions, S.O. 2036(E) (3 May 2023)
The instrument that brings the specified financial transactions within section 2(1)(sa)(vi) of the PMLA and defines the relevant person by reference to a certificate of practice under the Company Secretaries Act, 1980, the Chartered Accountants Act, 1949 or the Cost and Works Accountants Act, 1959.
Miscellaneous official Reports and Guidance
Official reports and guidance that sit outside the binding rulebook but shape how a relevant person reads risk and duty.
FIU-IND Annual Report 2024-25
The national FIU’s annual report based on the received, analysed and disseminated prescribed reports. Providing valuable insights on emerging risks and FIU-IND’s area of focus. It is a useful resource for a relevant person to understand how DNFBP reporting is evolving and where FIU-IND is focusing its attention.
Directorate of Enforcement Annual Report 2025-26
The Enforcement Directorate’s annual account of investigations, provisional attachments and prosecutions under the PMLA, showing how the criminal-enforcement end of the framework is applied, including cases turning on shell companies and nominee arrangements.
FIU-IND and its Core Functions and FAQs
A simple explanation of what FIU-IND does and how reporting works, a practical first primer for a certificate holder standing up its reporting function and enrolling on FINnet 2.0 for the first time.
MHA National Counter-Terrorism Policy and Strategy
The Ministry of Home Affairs statement of national counter-terrorism policy and strategy, which frames the wider intent behind the CFT duties that Section 51A places on a relevant person.
International Standards
The global benchmarks India is measured against, and the sources a practice can use to calibrate a risk-based approach to the notified engagements.
FATF Recommendations
The global AML, CFT and CPF standards. For practising CS, Recommendations 22 and 23 are particularly significant as they require DNFBPs to undertake customer due diligence and suspicious transaction reporting, and Recommendation 6, as it notifies countries on implementing targeted financial sanctions. These were last updated by FATF in June 2026. India’s legal framework for combatting AML CFT and CPF is developed in line with them.
FATF Mutual Evaluation Report on India, 2024 and Executive Summary
The 2024 FATF peer review of India’s system, with a separate executive summary. It examined how DNFBP supervision and reporting work in practice, the professions included, and it signals where the regime is expected to tighten next, with corporate formation services a recognised area of risk.
FATF Risk-Based Approach Guidance for the Accounting Profession,2019
Sector-specific FATF guidance on the money laundering and terrorist financing risks the accounting and related professions face in the services they provide, and how a risk-based approach should be applied. Much of it reads directly across to a company secretary’s formation and management work, and it is a formatted template for a relevant person’s internal risk assessment.
Allied Laws
The wider body of law that defines the predicate offences and the enforcement machinery around money laundering, together with the statutes that govern the profession and the corporate vehicles it creates. A relevant person does not administer the criminal and enforcement Acts, but they shape the risk to assess and the conduct that may need reporting.
The allied laws that frequently intersect with the AML, CFT and CPF obligations of a practice of certificate holder are those that govern the profession, regulate the entities and transactions of relevant persons, or deal with offences that generate proceeds of crime. These include;
The Company Secretaries Act, 1980 and The Chartered Accountants, the Cost and Works Accountants and the Company Secretaries (Amendment) Act, 2022 which govern the profession and its discipline.
The Companies Act, 2013 which underpins the incorporation, governance and administration of companies and LLPs commonly handled by relevant persons.
The Bharatiya Nyaya Sanhita, 2023 and the Bharatiya Nagarik Suraksha Sanhita, 2023 which provide the provide the principle criminal law and criminal procedural framework.
The Foreign Exchange Management Act, 1999, the Benami Transactions (Prohibition) Act, 1988, the Prevention of Corruption Act, 1988, the Narcotic Drugs and Psychotropic Substances Act, 1985, the Fugitive Economic Offenders Act, 2018, the Black Money (Undisclosed Foreign Income and Assets) and Imposition of Tax Act, 2015, the Foreign Contribution (Regulation) Act, 2010, the Conservation of Foreign Exchange and Prevention of Smuggling Activities Act, 1974 (COFEPOSA), the Smugglers and Foreign Exchange Manipulators (Forfeiture of Property) Act, 1976(SAFEMA), the Arms Act, 1959, the Chemical Weapons Convention Act, 2000 and the Central Vigilance Commission Act, 200. Together, these statutes provide the wider context in which relevant persons assess client risk, identify red flags and ensure compliance with the PMLA framework.
Core AML/CFT/CPF Obligations for Company Secretaries in India
- Register with FIU-IND. Enrol with the Financial Intelligence Unit – India on the FINnet 2.0 / FINGate 2.0 portal once the member begins carrying out the notified transactions for clients, so the relevant person can file its reports.
- Appoint officers. Appoint a Designated Director and a management-level Principal Officer under Rule 7 of the PMLR. The same person cannot hold both roles, and both are to be informed to FIU-IND.
- Conduct the internal risk assessment. Assess money-laundering, terror financing and proliferation financing risk across client types, the notified services and geographies, giving weight to formation and corporate management work, and keep it updated.
- Document AML policy, controls and procedures. Adopt an approved policy that turns the risk assessment into the relevant person’s operating procedures, as required by the joint Guidelines.
- Client identification and CDD. Identify and verify every client and the beneficial owner (a controlling interest of more than 10 per cent for a company or partnership, and more than 15 per cent for an unincorporated association or body of individuals; for a trust, the author, trustees, beneficiaries with a 10 per cent or more interest and any person exercising ultimate control), with enhanced due diligence for politically exposed persons and high-risk clients, under Section 11A of the PMLA, Rule 9 of the PMLR and the joint Guidelines. Look through the corporate or trust structure to the natural person behind it.
- Ongoing monitoring and periodic updating. Monitor the engagement on an ongoing basis, and refresh KYC at least once every 2, 8 and 10 years for high, medium and low-risk clients respectively. Review each client’s risk categorisation at least once every six months and decide whether enhanced due diligence is required.
- Sanctions screening. Screen clients, promoters and beneficial owners against the designated lists under Section 51A of the UAPA and Section 12A of the WMD Act and freeze and report any match. Verify the relevant UNSC and domestic designated lists daily. This duty attaches to each notified engagement.
- Regulatory reporting. File suspicious transaction reports of any value, including attempted transactions, promptly once the Principal Officer is satisfied that a transaction is suspicious, under Rule 8(2) of the PMLR. Where a member handles cash in the notified work, cash transaction reports for cash over Rupees 10 lakh and reports on counterfeit or forged instruments are filed monthly by the 15th day of the succeeding month, under Rule 3. Reports are made through FINnet 2.0.
- Record management, CKYCR and FINnet 2.0. Keep transaction records for five years from the date of the transaction and keep identity records and business correspondence for five years after the business relationship ends, under Section 12 of the PMLA. Upload client KYC records to the Central KYC Records Registry under Rule 9A, reuse an existing record where applicable, and file all prescribed reports through FINnet 2.0.
- Training and awareness. Train partners and staff by role to apply the controls and recognise the red flags that arise in formation and corporate-management engagements.
- Independent testing and audit. Test the programme through internal review or independent audit and close every finding.
What this article does not cover
This article explains the laws and regulatory framework applicable to a company secretary acting as a relevant person. It does not, however, serve as a procedural compliance manual, nor does it cover the secretarial standards and the professional ethical rules that the ICSI sets for practice, except to the extent they relate to AML duties. For practical implementation of client acceptance, KYC and CDD procedures, beneficial owner identification, sanctions screening, transaction monitoring, suspicious transaction escalation, staff training, audit testing and management reporting, are separately documented and addressed in the companion compliance guide.
To see how the professional framework fits within the national framework, see AML laws and regulations in India, and use the parent overview, AML laws and regulations for DNFBPs in India, to see how the professions sit alongside the other designated businesses.
From regulation to compliance: your next step
Knowing the law is only the first step. These obligations become effective only when they are accommodated into a compliance programme of risk assessment, policies and procedures, client due diligence, ongoing monitoring, screening, reporting, training and audit. Since the trigger is the specific engagement, the safest position is to identify at acceptance which mandates are notified transactions, formation and corporate-management work especially, and apply the programme to those from the outset. Understanding the three stages of money laundering and how the sanctions screening process works is a useful starting point.
Not sure which of your mandates are notified transactions?
AML India can help a practice identify which engagements bring it within the PMLA and build a proportionate programme for those.
Frequently Asked Questions
A company secretary in practice and on behalf of a client, carries out one of the specified financial transactions, most commonly the creation, operation or management of a company, LLP or trust, organising contributions for company creation, or the buying and selling of business entities, and also managing client money, securities or accounts and dealing in immovable property, is a reporting entity under the PMLA.
No. Secretarial audit, board and meeting support, ROC and MCA filings, governance advisory and ordinary compliance certification or any other activity that is not a specified transaction under the Ministry of Finance notification, will not make a CS a reporting entity.
The Institute of Company Secretaries of India, the member’s own statutory body, under the AML and CFT Guidelines issued jointly for the ICAI, ICSI and ICMAI professionals. Reports are filed with the Financial Intelligence Unit – India, and the Enforcement Directorate investigates and prosecutes the offence of money laundering.
The activities overlap, but the designation and supervisor differ. A trust and company service provider is designated under a separate notification (S.O. 2135(E)) and supervised directly by FIU-IND, while a company secretary is a relevant person under S.O. 2036(E) and supervised by the ICSI. Incidental company formation by a professional to the extent of filing a declaration is carved out of the TCSP notification, because the professions are covered on their own footing.
No. A company secretary becomes a reporting entity by carrying out a notified financial transaction on behalf of a client, whatever its value. The nature of the activity is the trigger, not a threshold.
A suspicious transaction report, of any value and including attempted transactions. A member who handles cash in the notified work must also file cash transaction reports for cash over Rupees 10 lakh and reports on counterfeit or forged instruments. All reports go through FINnet 2.0.
By treating the AML core legislation as the primary rulebook for AML, CFT and CPF compliance, a relevant person maintains confidentiality in the usual course of business. However, where a suspicion arises while undertaking a notified transaction, the reporting obligations under PMLA prevail.
Official sources and review
Last reviewed: July 2026. This guide is grounded in the following primary official sources, linked to their official source where available.
- Prevention of Money-Laundering Act, 2002 (India Code)
- Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (India Code)
- Notification S.O. 2036(E), 3 May 2023, notifying the specified financial transactions (Gazette of India)
- AML/CFT Guidelines for professionals with certificates of practice from ICAI, ICSI and ICMAI, 19 June 2023 (ICSI)
- Company Secretaries Act, 1980 (India Code)
- Unlawful Activities (Prevention) Act, 1967 and Section 51A procedure (MHA)
- WMD Act, 2005 and its Section 12A implementation procedure (India Code)
- FATF Recommendations, including the June 2026 update to Recommendation 6
- FATF Risk-Based Approach Guidance for the Accounting Profession, 2019
- FATF Mutual Evaluation Report on India, 2024
- Financial Intelligence Unit – India, including the Annual Report 2024-25
- Enforcement Directorate annual report 2025-26
Why work with AML India
AML India helps company secretaries in practice meet their PMLA obligations through their sectoral guidelines for the notified engagements, from registration and risk assessment to CDD, beneficial owner Identification, screening, monitoring, reporting, training and independent review.
Industries we serve: Company Secretaries, Chartered Accountants and Cost and Management Accountants, Trust and Company Service Providers, Real Estate Agents, Dealers in Precious Metals and Stones, Virtual Asset Service Providers, Casinos and the Gaming Sector, and Banks, Financial Institutions and IFSC and GIFT City entities.
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.