Decoding AML Program Implementation in IFSC Entities

India has set up the International Financial Service Centre (IFSC) to develop India as the global investors’ hub, resulting in foreign investors setting up their business operations in IFSC. With IFSC entities’ global exposure in terms of business activities and customers, the risk of financial crime becomes more worrisome. Strong AML program implementation in IFSC entities must be ensured to overcome the risk of financial crimes. The IFSC-regulated entities must adhere to the AML/CFT regulations introduced by the authorities to safeguard the business and the economy against ML/FT vulnerabilities.

Understanding the applicability of the AML/CFT regulations in IFSC

The IFSC Authority issued the International Financial Service Centre Authority (AML, CFT, and KYC) Guidelines, 2022, to provide detailed instructions and guidance to the business registered into IFSC around combating financial crimes. The IFSCA AML Guidelines have been developed based on the Prevention of Money Laundering Act, 2002 (PMLA) and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.

The IFSCA AML Guidelines are applicable to all the companies licensed to operate in IFSC and are subject to supervision by the IFSCA. Thus, every IFSC entity has to comply with the AML regulations, irrespective of the nature and size of the business activities – whether a financial institution or a non-financial business or profession.

The IFSCA AML Guideline mandates the regulated entities to assess their risk and implement appropriate AML/CFT policies, procedures, and controls to mitigate these risks.

Non-compliance with AML/CFT regulations by the IFSC entities can result in adverse consequences such as heavy administrative fines, cancellation, or suspension of business licenses. Apart from this, the entities’ reputation is also affected, losing out the customers’ trust and confidence.

Stepwise process for effective implementation of an AML Program in IFSC Entities

To ensure the effectiveness and comprehensiveness of the AML policies, procedures, and systems, the IFSC entities must follow a systematic approach, which includes the following steps:

Assessing the ML/FT risk by conducting Enterprise-Wide Risk Assessment

The AML program has to be customized to manage the actual ML/FT risk exposure of the IFSC business. Thus, the initial exercise is to identify and evaluate the risk the IFSC entity is vulnerable to by performing an Enterprise-Wide Risk Assessment or the AML Business Risk Assessment. The risk assessment must be performed considering the relevant risk factors such as the company’s customer base, the geographies from which the business is conducted, the nature of goods or services offered, the delivery and distribution channels deployed, etc.

The risk assessment must be comprehensive, based on the quantitative and qualitative aspects of the ML/FT risk to identify the potential risk the business may face. The assessed risk must be classified as a high, medium, or low basis, its likelihood of occurrence, and the impact it may cause on the business. Accordingly, resources must be prioritized, and risk mitigation measures must be deployed.

Developing and implementing the AML Policies, Procedures, and Controls

The results of the business risk assessment must be used to design the AML Program of the IFSC entity that can effectively tackle the identified ML/FT risks. The AML framework must be aligned with the nature and size of the business and the applicable regulatory obligations. The policies must include the following:

  1. customer onboarding process (Know Your Customer, customer screening against sanctions, identification of Politically Exposed Person (PEP), Customer Risk Assessment methodology, managing the high risk with Enhanced Due Diligence measures, ongoing transaction monitoring systems, etc.)
  2. Identifying and reporting suspicious transactions (defining the red flags, laying down an internal reporting mechanism, etc.)
  3. AML Governance Structure (appointment of the AML Principal Officer and Designated Director, creating AML awareness, seeking support from the senior management, implementing AML audit function, etc.)
  4. AML Record-Keeping requirement (how and what documents to be maintained)

The AML policies and procedures must be practical to implement in the course of routine business operations conducted by the IFSC entity. The same shall be reviewed and approved by the senior management. These internal policies must be well-communicated amongst the relevant team members to ensure their commitment and contribution towards AML/CFT measures.

The Principal Officer or the AML Compliance Officer must periodically review these defined AML/CFT procedures and controls to consider the legislative amendments, emerging risks, and changing business operations.

Identifying and deploying the right AML Solution

In this tech-driven world, where criminals are using technology to execute money laundering and terrorism financing crimes, business needs to adopt emerging tools and systems to detect and prevent these crimes. This is more relevant for IFSC entities, which serve the entire globe.

In line with the assessed risk and the defined internal policies, the IFSC entities must implement an appropriate AML solution that strengthens the company’s AML efforts. The company must consider using technology that supports customer screening, identifying overall customer risk and deploying adequate due diligence measures, ongoing monitoring of transactions, detecting unusual customer activities, etc.

With the right tools and software, the detection of the risk indicators becomes accurate and real-time, allowing the company to take timely actions to safeguard the business and prevent crime.

Imparting AML Training

An AML Principal Officer cannot manage the AML compliance function in isolation; instead, the support of all the departments, such as sales, accounting, customer relationship management, etc., including the senior management, is required.

The IFSC entities must develop and implement an appropriate AML training program for its employees to create awareness about AML compliance, its internal standards and procedures for combating financial crimes, and how each employee can contribute to safeguarding the company and IFSC against money laundering and terrorism financing vulnerabilities.

The AML training sessions must include discussing customer due diligence measures, ongoing monitoring of the transactions and business relationships, identification and reporting of the ML/FT risk indicators, the consequences of non-compliance with the internal AML/CFT policies, etc.

The training must be conducted for every new joiner, and also periodic refresher courses on AML must be designed to ensure that the staff is up-to-date with AML laws and risk trends.

Periodic Review and Audit of the AML Program

To ensure that the adopted AML/CFT measures are adequate and effective in mitigating the assessed risks, the IFSC entities must implement an independent audit function that periodically reviews the quality of the AML program and identifies the gaps.

The periodic review of the AML functions shall ensure that the company complies with the applicable AML regulations and has a strong working shield against potential money laundering and terrorism financing vulnerabilities.

The AML audit or review must cover the following areas:

  • Checking the relevance of the last conducted Enterprise-Wide Risk Assessment
  • Whether the Customer Due Diligence processes are followed accurately and on a timely basis
  • Review the ongoing monitoring system implemented for checking the transactions and business relationship
  • Whether the red flags listed are adequate and aligned with recent ML/FT typologies
  • Is the internal mechanism for the identification and reporting of suspicious transactions adequate
  • Are the AML records appropriately maintained for the required time frame
  • Is the overall AML program in sync with the outcome of risk assessment and the latest AML regulations

Any gaps or weaknesses identified during the audit or periodic review must be addressed immediately, and remediation measures should be deployed.

With a systematic roadmap to the AML program, the IFSC entities can ensure 100% compliance with the legal requirements, protect themselves from exploitation by financial criminals, and avoid non-compliance consequences (heavy penalties and loss of business reputation).

Partner with AML India to Implement a Robust AML Program for your IFSC Business

With the changing provisions of PMLA and corresponding amendments in IFSCA guidelines, the entities operating in IFSC need to stay updated to ensure the quality and relevance of the implemented AML policies, procedures, and controls. Let AML India help you with smooth navigation of the AML journey, ensuring your AML program is aligned with the outcome of your AML/CFT risk assessment and the latest regulatory landscape. AML India will assist you in managing the ever-evolving risk trends and monitor the regulatory changes so that your AML compliance framework is adequate to combat money laundering and terrorism financing. We help you deploy top-notch systems and controls to fight financial crimes and safeguard the integrity of the IFSC.

About the Author

Pathik Shah


Pathik is a Chartered Accountant with more than 25 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.

He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.