Master Direction on AML/CFT Obligations for Regulated Entities
Summary
The Reserve Bank of India has issued a comprehensive Master Direction consolidating and updating the Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) obligations for all regulated entities under its purview. This Master Direction supersedes the earlier guidelines issued in 2016 and incorporates the recommendations of the Financial Action Task Force (FATF) Mutual Evaluation Report on India, aligning domestic AML/CFT standards with international best practices.
The Master Direction introduces a risk-based approach as the cornerstone of AML/CFT compliance, requiring regulated entities to conduct comprehensive enterprise-wide risk assessments covering customer risk, product and service risk, geographic risk, and delivery channel risk. Entities must document their risk assessment methodology, update it at least annually, and make it available to the RBI on request.
A significant enhancement in this Master Direction is the strengthened beneficial ownership identification framework. Regulated entities must now identify and verify the beneficial owners of all legal entity customers, defined as natural persons who ultimately own or control more than 10% of the shares or voting rights. The threshold has been reduced from the previous 25% to 10%, substantially expanding the scope of beneficial ownership identification requirements.
The Master Direction also introduces enhanced transaction monitoring requirements, mandating that regulated entities implement automated transaction monitoring systems. Entities must file Suspicious Transaction Reports (STRs) with FIU-IND within seven days of forming a suspicion, reduced from the previous 15-day window.
Key Highlights
- Mandatory enterprise-wide risk assessment covering customer, product, geographic, and channel risks, updated annually
- Beneficial ownership threshold reduced from 25% to 10% for legal entity customers
- Beneficial ownership records must be re-verified at least every two years
- Automated transaction monitoring systems mandatory for all regulated entities
- STR filing window reduced to 7 days from 15 days upon forming suspicion
- Transaction records above Rs 10 lakh must be retained for minimum 5 years
- Enhanced due diligence required for Politically Exposed Persons and high-risk jurisdictions
Impact on Fintech Companies
This Master Direction has sweeping implications for fintech companies operating as payment aggregators, digital lenders, prepaid payment instrument issuers, and account aggregators. The risk-based approach requires fintech companies to invest in sophisticated risk assessment frameworks that go beyond simple rule-based compliance.
The reduction of the beneficial ownership threshold to 10% significantly increases the compliance burden for fintech companies onboarding business customers. Many fintech platforms that serve small and medium enterprises must now collect and verify beneficial ownership information for a much larger proportion of their corporate customers.
The shortened STR filing window of seven days creates operational urgency for fintech compliance teams. Companies must implement real-time or near-real-time transaction monitoring systems that can identify suspicious patterns quickly enough to allow for investigation and timely reporting.