PML Act and Rules: Recent changes may have new compliance requirements
-Team Finserv | finserv@vinodkothari.com
Background
Financial sector entities have to follow PMLA and related rules, including by way of KYC Directions. The Finance Ministry came up with various amendments pertaining to the Prevention of Money-Laundering Act, 2002 (“PML Act”) and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (‘PML Rules’). The amendments pertain to revised thresholds for ascertainment of beneficial ownership (25% to 10%), implementation of group wide policies for compliance with provisions of Chapter IV, expanding the obligations under PMLA to service providers of virtual digital assets, etc.
Effective date and applicability:
The amendment shall be effective from the same date, i.e. March 07, 2023. It may be noted that the Master Direction – Know Your Customer (KYC) Direction, 2016 (‘KYC Directions’) are issued and updated by the regulator based on the amendment in PML Act and PML Rules. However, the Regulated Entities (RE) are required to ensure compliance with the provisions of PML Act and PML Rules, as amended from time to time. Hence, necessary steps must be taken based on the amendments.
Whether applicable to existing or new customers?
Customer Due Diligence (as required under the PML Act and Rules) is required to be undertaken at the time of commencement of a financial transaction or account-based relationship with the customer. Accordingly, necessary steps must be taken by the RE to ensure compliance with the Amendment Rules for all new customers or new financial transactions undertaken with existing customers after March 07, 2023. However, it is also pertinent to note rule 9(12) of the PML Rules which requires reporting entities to exercise continuous due diligence with respect to the business relationship with every clients.
Prevention of Money-laundering (Maintenance of Records) Amendment Rules, 2023
| Provision | Change | Impact/ Actionable/Remarks |
| Rule 2(1)(cb) & Rule 3A | Insertion of the following definition & Provision “group” shall have the same meaning assigned to it in clause (e) of sub-section (9) of section 286 of the Income-tax Act,1961 As per IT Act: “group” includes a parent entity and all the entities in respect of which, for the reason of ownership or control, a consolidated financial statement for financial reporting purposes,— (i) is required to be prepared under any law for the time being in force or the accounting standards of the country or territory of which the parent entity is resident; or (ii) would have been required to be prepared had the equity shares of any of the enterprises were listed on a stock exchange in the country or territory of which the parent entity is resident; (3A) Implementation of policies by groups. – Groups are required to implement group-wide policies for the purpose of discharging obligations under the provisions of Chapter IV of the Prevention of Money-laundering Act, 2002 (15 of 2003).”. | Background: The amendment imbibes FATF Recommendation No. 18 dealing with Internal Controls and foreign branches and subsidiaries. As per the said recommendation, financial groups should be required to implement group-wide programmes against money laundering and terrorist financing, including policies and procedures for sharing information within the group for AML/CFT purposes. Financial institutions should be required to ensure that their foreign branches and majority-owned subsidiaries apply AML/CFT measures consistent with the home country requirements implementing the FATF Recommendations through the financial groups’ programmes against money laundering and terrorist financing. The FATF Recommendation is premised on the principle that a financial group as a whole may be exposed to money laundering and terrorist financing risk due to activities of its group entities, which are covered under FATF Recommendations, and hence such risk should be identified, managed and mitigated at the group level. Our Remarks: 1. Group would consist of entities which are required to be consolidated for financial reporting purposes (parents, subsidiaries, associates). The focus is on the jurisdiction where the parent entity is resident. Hence, the ambit of the group is limited to that extent. 2. Rule 3A requires having group-wide policies “for the purpose of” discharging obligations under Chapter IV (including some reporting obligations, and obligations to keep and maintain records etc.). Notably, it is only the reporting entity (bank/FI) which is required to perform such obligations. 3. Therefore, group-wide policy is not meant to entail that other entities in the group would perform the same obligations. Instead, the purpose of having such a group-wide policy is to facilitate the reporting entity in discharging such obligations, where say, the transactions might have been undertaken through group entities, or the group entities might have been involved in any manner. 4. In this regard, the interpretive note to Recommendation 18 (of FATF) may be relevant. It says that the group wide programmes should be appropriate to the business of the branches/majority owned subsidiaries, and shall include “policies and procedures for sharing information required for the purposes of CDD and money laundering and terrorist financing risk management”. Besides, other measures include the development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees, an ongoing employee training programme; and an independent audit function to test the system. Actionables: The reporting entity shall: 1. Identify the constituents of ‘group’ 2. Identify possible scenarios where transactions can happen through or with the involvement of group entities, 3. Formulate a group-wide policy to ensure necessary facilitation such that the reporting entity can discharge obligations under Chapter IV. In our view, the policy may form part of the existing KYC & AML policy. 4. The policy may be drawn basis the guidance from Recommendation 18 and Interpretive Note (as discussed above) 5. Adequate dissemination of the policy and expectations to the group entities, and sharing of information in respect of identified transactions, from time to time. |
| Rule 2(cf) read with rule 9(9A) | Insertion of the following words in the definition “(cf) “Non-profit organization” means any entity or organisation, constituted for religious or charitable purposes referred to in clause (15) of section 2 of the Income-tax Act, 1961 (43 of 1961), that is registered as a trust or a society under the Societies Registration Act, 1860 (21 of 1860) or any similar State legislation or a Company registered under the section 8 of the Companies Act, 2013 (18 of 2013);” Insertion of the following under rule 9 – “(9A) Every Banking Company or Financial Institution or intermediary, as the case may be, shall register the details of a client, in case of client being a non-profit organisation, on the DARPAN Portal of NITI Aayog, if not already registered, and maintain such registration records for a period of five years after the business relationship between a client and a reporting entity has ended or the account has been closed, whichever is later. | Background: The underlying intent behind the insertion of the definition of Non Profit Organisation (“NPO”) lies in the 40 Recommendations of the FATF wherein a special reference was made to NPO as the sector to be both vulnerable and valuable.[1] Thus, member states were directed to ensure that NPOs are not abused for the purpose of terrorist activity. In line with this intent, the FATF had come up with certain key research quesions and one such question was with respect to who are the NPO’s that are most at risk of abuse from terrorist entities. Our Remarks: Pursuant to this insertion, the NPOs who are registered under the Income tax act will also be recognized under the PML Rules. Further, in terms of the new rule, the NPO needs to be registered with DARPAN. The registration records shall be required to be maintained for a period of 5 years even after closure of account or the end of relationship. Impact/Actionable: The Company shall take note of the following two-fold compliances: 1. Registration of client, in case of non-profit organisation, on the DARPAN Portal of NITI Aayog, if not already registered 2. Maintenance of registration records for a period of 5 years after closure of client account However a key question arises as to whether existing NPO clients will be mandated to register with DARPAN or not. With respect to this ideally, for existing NPO clients as well, a mechanism and timeline should be adopted by the RE to ensure necessary registration. |
| Rule 2(db) | Insertion of the following definition “Politically Exposed Persons” (PEPs) are individuals who have been entrusted with prominent public functions by a foreign country, including the heads of States or Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials; | Background: The definition of Politically Exposed Person was already a part of the KYC Directions as per the FATF Recommendation. Our Remarks: Through this amendment, the Ministry of Finance has aligned PML Rules with the KYC Directions Impact/Actionable: No major actionable, as the Company was already following this definition as provided for in the KYC Directions |
| Rule 9(3) | Substitution of the following words The beneficial owner for the purpose of client due diligence shall be determined as under a) where the client is a company, the benefical owner is the natural person(s), who, whether acting alone or together or through one or more judicial person has a controlling ownership interest or who exercises control through other means. Explanation:- For the purpose of this sub-clause: Controlling ownership interest means ownership of of or entitlement to more than ten percent of shares or capital or profits of the company; … (e) where the client is a trust, the identification of beneficial owner(s) shall include identification of the author of the trust, the trustee, the beneficiaries with ten percent or more interest in the trust and any other natural person exercising ultimate effective control over the trust through achain of control or ownership | Background: The concept of ‘beneficial ownership’ is relevant in the context of PMLA because in terms of Rule 9 of the PML Rules at the time of commencement of account-based relationship every Reporting Entity has to identify the beneficial owner. Further in terms of Para 3(b)(iv) definition of customer due diligence means identifying and verifying the customer and the beneficial owner.The identification of beneficial ownership is a task that requires piercing of corporate vehicles. In so far as the threshold is concerned, the threshold practiced by member states such as European Union is limited to 25%. The FATF in the Recommendation No. 24 has also provided an outer limit of 25% that needs to be checked in order to decipher the beneficial owner. However it will not be out of place to mention here that the threshold limit of 10% is similar under Companies Act 2013 (as per Rule 2(1)(h) of The Companies (Significant Beneficial Owners) Rules,2018 Our Remarks: Pursuant to this amendment all reporting entities will be mandated to consider the revised limit of 10% (as against the previous limit of 25%) for companies and trusts, which is at par with what has been stated under the Companies Act, 2013. However given the recurring nature of activities a Reporting entity is involved, the operational issues pertaining to ascertaining beneficial owner can lead to excess compliance burden. It is interesting to note here that under the subordinated legislation of PMLA viz KYC Directions, the threshold is still 25%. So, a sense of confusion may arise as to which limit to follow. Any change in PMLA (being the Principal Act) will have to be followed in the subordinated legislations as they cannot override or contravene any provisions of the Principal Statute. Lastly, even though the companies can rely on names provided by third parties, however the ultimate responsibility as per para 14(e) of the KYC directions will be with the regulated entity only. Therefore, the financial entities shall ensure that systems are in place that disallows blind acceptance of names proposed by third parties. Actionable/Impact: The Company shall take note of this revised limit in ascertaining Controlling Interest for the purposes of determining Beneficial Ownership: 1. For company: Entitlement to more than ten percent of shares or capital or profits of the company 2. For a trust: Beneficiaries with ten percent or more interest. In case of corporate lending or lending to trusts, the RE must ensure conducting CDD of the Beneficial Owner determined in accordance with the revised limits. |
| Rule 9 | Insertion of the following clauses: (6)Where the client is a company, it shall for the purposes of sub rule (1), submit to the reporting entity the certified copies of the following documents or[equivalent documents thereof] namely:- ….. (vi) the names of the relevant persons holding senior management position; (vii) the registered office and the principal place of its business, if it is different. (7) Where the client is a partnership firm, it shall, for the purposes of sub-rule (1), submit to the reporting entity the certified copies of the following documents [or the equivalent edocuments thereof], namely:- …. (v) the names of all the partners and address of the registered office, and the principal place of its business, if it is different.” (8) Where the client is a trust, it shall, for the purposes of sub-rule (1), submit to the reporting entity the certified copies of the following documents [or the equivalent edocuments thereof], namely:- … (v) the names of the beneficiaries, trustees, settlor and authors of the trust and the address of the registered office of the trust; and (vi) list of trustees and documents as are required for individuals under sub-rule (4) for those discharging role as trustee and authorised to transact on behalf of the trust.” | Our Remarks: The additional set of documents may pose certain questions such as who all are classified as persons under the senior management banner. In this regard reference may taken from Regulation 16(d) SEBI(LODR) wherein the term Senior Management has been defined to include officers and personnel of the listed entities who are members of its core management team, excluding Board of Directors and are one level below the Chief Executive Officer or Managing Director or Whole Time Directors or Manager(including Chief Executive Officer and Manager, in case they are not part of the Board) and shall specifically include the functional heads, the Company Secretary and the Chief Financial Officer. Impact/Actionable: The Company shall take note of the additional recognized documents that are required to be submitted by companies, partnership firms and trusts for the purposes of conducting client due diligence. This should also be included in the KYC Policy and SOP of the RE for conducting the KYC and CDD of customers. |
Prevention of Money Laundering Act, 2002
| Section 2(1)(sa), read with Notification No. S.O. 1072(E) dated 07.03.2023 | Insertion of new designated business or profession- “person carrying on designated business or profession” means,- …. “(vi) exchange between virtual digital assets and fiat currencies (vii)exchange between one or more forms of virtual digital assets; (viii)ransfer of virtual digital assets; (iv) safekeeping or administration of virtual digital assets or instruments enabling control over virtual digital assets; and (v) participation in and provision of financial services related to an issuer’s offer and sale of a virtual digital asset. Explanation:- For the purposes of this notification “virtual digital asset” shall have the same meaning assigned to it in clause (47A) of section 2 of the Income-tax Act, 1961 (43 of 1961).” | Background: The Government of India had released a Press Release dated February 06, 2023 wherein the Ministry stated that the Direcotrate of Enforecement took cognizance of several cases relating to crypto currence frauds wherein a few crypto exchanges were found to be involved in money laundering. Our Remarks: In line with above findings, the Ministry of Finance has extended the compliance requirements, such as verification of identities, maintenance of records and enhanced due diligence as provided for in the PMLA to various service providers of virtual digital assets (which includes cryptocurrencies, non fungible tokens and other assets as may be notified by the Central Government as per the Income Tax Act, 1961). However, it will be interesting to note how RBI perceives this change given that it’s stance on virtual digital assets has been completely negative[2], whereas the amendment recognises such VDA related activities as ‘designated business or profession’. Impact/Actionable: No major impact on compliances by NBFCs however the additional compliance requirement must be noted and taken care of by entities involved in such recognized business. |
[1] https://www.fatf-gafi.org/en/publications/Financialinclusionandnpoissues/Bpp-combating-abuse-npo.html
[2] In our earlier article we have discussed the SC ruling in Internet and Mobile Association of India vs Reserve Bank of India, which struck down the RBI Circular on Statement on Developmental and Regulatory Policies.
Whether DARPAN reporting is also required to be undertaken by banking company or financial institutions or intermediary in case of their CSR expenditure being done through trusts.
As per the definitions of PMLA , 2002 Client means “a person who is engaged in a financial transaction or activity with a reporting entity and includes a person on whose behalf the person who engaged in the transaction or activity, is acting”;
Furthermore, definition of transaction under includes “any payment made or received in whole or in part of any contractual or other legal obligation”;