PMLA, FATF and the Customer Due Diligence Framework Explained
PMLA, FATF and the customer due diligence framework form the spine of every bank's compliance programme in India. For candidates preparing for the IIBF KYC, AML and CFT certificate, understanding how the Prevention of Money Laundering Act, 2002 connects to the global Financial Action Task Force standards and to the RBI Master Direction on Know Your Customer is essential. This article walks through the legal obligations, the customer due diligence and enhanced due diligence process, risk categorisation of customers, the treatment of politically exposed persons, beneficial ownership, and the reporting chain that ends with FIU-India. Master these building blocks and you will answer most exam questions with confidence.
PMLA Obligations and the RBI KYC Master Direction
The Prevention of Money Laundering Act, 2002 (PMLA) is the primary anti-money-laundering statute in India. It criminalises the laundering of proceeds of crime and casts statutory duties on every reporting entity, which includes banks, NBFCs, payment system operators and several designated businesses. The operational rulebook for banks is the RBI Master Direction on KYC, which translates the PMLA and its Maintenance of Records Rules into day-to-day procedure.
Under these obligations a regulated entity must:
- Verify the identity of every customer using an Officially Valid Document (OVD) at the time of opening an account or establishing a business relationship.
- Maintain records of transactions and identity documents for at least five years from the end of the relationship or transaction.
- Appoint a Principal Officer and a Designated Director responsible for AML compliance and reporting.
- File prescribed reports with the Financial Intelligence Unit within the stipulated timelines.
The four pillars of a KYC policy under the Master Direction are the Customer Acceptance Policy, Risk Management, Customer Identification Procedure and ongoing Monitoring of Transactions. Failure to comply attracts monetary penalties and supervisory action. If you want to test your grasp of these provisions, try the topic-wise drills on IIBF mock tests, which mirror the certificate exam pattern.

FATF Recommendations and the Global AML Standard
The Financial Action Task Force (FATF) is the inter-governmental body that sets the global standard for combating money laundering and terrorist financing. Its 40 Recommendations are the benchmark against which member countries, including India, are evaluated through periodic Mutual Evaluations. India aligned its legal framework with FATF expectations and underwent a comprehensive assessment, and the certificate syllabus expects you to know how domestic law maps to these recommendations.
Key FATF concepts relevant to the exam include:
- Risk-Based Approach (RBA) — resources must be focused where the money-laundering and terrorist-financing risk is highest, rather than treating every customer identically.
- Customer Due Diligence (CDD) — Recommendation 10 requires identifying and verifying customers and understanding the purpose of the relationship.
- Targeted financial sanctions — freezing assets linked to proliferation and terrorism under United Nations Security Council resolutions.
- Grey list and black list — FATF places jurisdictions with strategic deficiencies under increased monitoring, which raises compliance friction for cross-border business.
Because terrorist financing is a constantly evolving threat, banks track FATF advisories alongside domestic circulars. Keep an eye on the latest regulatory updates through our IIBF news desk and revise policy-rate context on the RBI rates page.

CDD, EDD, Risk Categorisation, PEPs and Beneficial Ownership
Customer Due Diligence (CDD) is the process of identifying the customer, verifying that identity from reliable independent sources, and understanding the nature of the relationship. Where the risk is higher, the bank must apply Enhanced Due Diligence (EDD), which means collecting more information, obtaining senior management approval and monitoring the account more closely. For low-risk situations the RBI permits Simplified Due Diligence.
Banks classify every customer into a risk bucket as part of risk categorisation:
- Low risk — salaried individuals, government departments and entities with transparent ownership.
- Medium risk — customers whose profile needs periodic review.
- High risk — non-resident customers, trusts, customers from high-risk jurisdictions and politically exposed persons.
Politically Exposed Persons (PEPs) are individuals entrusted with prominent public functions in a foreign country. Relationships with PEPs always demand EDD, senior management sign-off and close ongoing monitoring because of the heightened corruption and bribery risk. Equally important is beneficial ownership: for a company the bank must identify every natural person who ultimately owns or controls more than the prescribed threshold, and for trusts and partnerships it must trace control to the real individuals behind the legal veil. Periodic re-KYC keeps these records current. Sharpen your recall of these definitions with the interactive match-the-concept game and browse related primers on the IIBF blog.

FIU-India, STR and CTR Reporting, and Trade-Based Money Laundering
The Financial Intelligence Unit-India (FIU-IND) is the national agency that receives, analyses and disseminates information about suspect financial transactions. Reporting entities transmit prescribed reports to FIU-India, which then shares actionable intelligence with enforcement and intelligence agencies. The certificate exam frequently tests the principal report types:
- Cash Transaction Report (CTR) — for cash transactions above ten lakh rupees (or a series of integrally connected cash transactions within a month).
- Suspicious Transaction Report (STR) — filed whenever a transaction gives rise to a reasonable ground of suspicion, regardless of amount; STRs must be filed promptly, typically within seven working days of forming suspicion.
- Counterfeit Currency Report (CCR) and Non-Profit Organisation Transaction Report (NTR) for the relevant categories.
A critical principle is the tipping-off prohibition: a bank must never alert a customer that an STR has been filed. Trade-Based Money Laundering (TBML) is an advanced laundering technique where criminals disguise illicit proceeds through trade transactions using over-invoicing, under-invoicing, multiple invoicing or phantom shipments to move value across borders. Detecting TBML requires scrutiny of trade documents, pricing benchmarks and the underlying goods. Strong transaction monitoring systems surface these red flags for analyst review before an STR is filed.
Conclusion and Next Steps
The interlocking framework of PMLA obligations, FATF recommendations, the RBI KYC Master Direction, risk-based customer due diligence, beneficial ownership identification and FIU-India reporting is the conceptual core of the IIBF KYC, AML and CFT certificate. Internalise the report thresholds, the EDD triggers for PEPs and high-risk customers, and the typologies such as trade-based money laundering, and you will be well prepared. Reinforce every concept with timed practice: head to the IIBF practice tests now and convert this knowledge into exam-ready marks.
What is the difference between CDD and EDD?
Customer Due Diligence (CDD) is the baseline process of identifying and verifying a customer and understanding the relationship. Enhanced Due Diligence (EDD) applies to higher-risk customers and requires more information, senior management approval and closer ongoing monitoring.
What is the cash threshold for filing a CTR with FIU-India?
A Cash Transaction Report is filed for cash transactions exceeding ten lakh rupees, or a series of integrally connected cash transactions that together cross that limit within a month.
Who is a Politically Exposed Person (PEP)?
A PEP is an individual entrusted with prominent public functions in a foreign country. Relationships with PEPs require enhanced due diligence, senior management approval and continuous monitoring because of higher corruption and bribery risk.
What is Trade-Based Money Laundering?
Trade-Based Money Laundering disguises proceeds of crime through trade transactions using techniques such as over-invoicing, under-invoicing, multiple invoicing or phantom shipments to move value across borders while appearing legitimate.