On 17 October 2023, the Ministry of Finance issued a notification amending the provisions of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PMLR).

The following are critical amendments introduced in the PMLR:

Development and implementation of a Group-wide AML program

Implementation of the group AML policy was already a requirement for the reporting entities operating as a group. Now, these reporting entities must develop the necessary policies for exchanging information about Customer Due Diligence and other risk mitigation measures within the group entities. Further, this group-wide AML program must also provide strict norms around maintaining the confidentiality of the information exchanged and refraining from “tipping off”.

Timeframe for filing the Suspicious Transaction Report (STR) removed

The notification modifies Rule 8(2) of the PMLR, removing the timeline of seven (7) days earlier prescribed for filing STR with the Financial Intelligence Unit.

Now, the reporting entities are required to promptly submit the STR once the activity or transaction is identified as suspicious.

Confidentiality of the AML records and exceptions therearound

The revised PMLR provides that the reporting entity and its employees must maintain the AML records and the AML reports filed with FIU with the utmost confidentiality. However, relaxation is granted around this when such information is necessary to be shared with the group entities for analysis or evaluation of unusual or suspicious activities.

Bringing the occasional transactions under AML purview

Now, the reporting entities are required to apply an adequate Customer Due Diligence process (unlike just identity verification as required earlier) when conducting –

  • any occasional transaction amounting to INR 50,000 (fifty thousand) or more, whether carried out as a single transaction or through a series of connected transactions,
  • any international money transfer operations.

Thus, the scope of CDD measures expands from just account-based relationships to occasional transactions to effectively detect the financial crime activities attempted through occasional transactions or international money transfers.

Changes in Customer Due Diligence requirements

To strengthen the customer identification process, the reporting entities are now required to adopt the following additional measures:

  • Verifying the identity of the customer and the beneficial owners using reliable and independent sources
  • Making necessary efforts to understand the nature of the customer’s business
  • Understanding the customer’s legal structure – ownership and control


  • The window of two days, as available earlier, to obtain the CDD details from a third party or from the Central KYC registry (when reliance is placed on such a third party to carry out the CDD process) has not been removed, making mandatory for the reporting entity to get these details on immediate basis.
  • When the customer is a Trust, it is now required to obtain the identification details of the trust’s protector.
  • Inserted a phrase to mandate the reporting entities to maintain the customer’s profile up-to-date and relevant, specifically when the customer is identified as “high-risk”.
  • The entity’s Customer Due Diligence program must be aligned with its exposure to ML/FT and the nature and size of the business.
These amendments are crucial to enhance the country’s fight against financial crimes.