IFSCA AML CFT and KYC Guidelines Explained for IFSC Entities in GIFT City

Operating in GIFT City brings global opportunities. It also brings strict regulatory responsibility. The IFSCA AML CFT and KYC Guidelines 2022 define how regulated entities must prevent money laundering, terrorist financing, and identity misuse. Understanding these rules is essential for compliance-driven growth in the IFSC ecosystem.

This guide explains the key provisions in simple language for fund managers, financial institutions, and service providers operating in GIFT City.

Who Must Follow the IFSCA AML CFT KYC Guidelines

The guidelines apply to every regulated entity licensed, registered, or authorised by the International Financial Services Centres Authority. This includes banks, fund management entities, capital market intermediaries, insurance units, and other approved entities.

The rules also extend to financial groups connected to the regulated entity when specified by the guidelines. This ensures group-level risk is managed and monitored properly.

Appointment of Designated Director and Principal Officer

Every regulated entity must appoint two key compliance roles.

The Designated Director is responsible at the leadership level. This role must be held by the head of the IFSC entity. It cannot be outsourced or assigned to the parent entity in onshore India.

The Principal Officer manages day-to-day AML CFT and KYC compliance. This person must have sufficient seniority and independence. Internal audit or business line heads cannot act as Principal Officer.

Both roles must be held by separate natural persons. Companies, trusts, or partnerships cannot be appointed to these positions.

AML CFT KYC Policy Requirements

Every IFSC entity must have a documented AML CFT KYC policy. This policy must reflect the principles of the IFSCA guidelines and be approved by the governing body.

The governing body depends on the entity structure. For companies, it is the board of directors. For LLPs, it is the partners. For branches, it is a committee authorised by the parent governing body.

If an entity already follows an AML policy under the Prevention of Money Laundering Act, it may continue only if all IFSCA requirements are fully covered. If not, the policy must be updated and reapproved.

FIU IND Registration and Reporting Obligations

Most IFSC-regulated entities must register on the FIU IND FINGate 2.0 portal. Alternate Investment Funds managed by registered FMEs are the main exception.

Registration is mandatory because entities must report specific financial transactions to the Financial Intelligence Unit India. These include suspicious transactions, cross-border wire transfers above prescribed limits, and high-value property transactions.

Registration follows a two-step process. First, the entity registers. Then the Designated Director and Principal Officer are registered.

Entities operating as IFSC branches must clearly mention IFSC in the registered name and select IFSCA as the regulator during registration.

Cross-Border Wire Transfers Explained

Any wire transfer is considered cross-border if either the ordering institution or beneficiary institution is located in IFSC. This applies even if the counterparty is within India.

All cross-border wire transfers above five lakh rupees or equivalent must be reported to FIU IND. This rule highlights the unique regulatory positioning of GIFT City.

Customer Due Diligence Process

Customer due diligence is the foundation of AML compliance. The guidelines allow multiple verification methods depending on customer risk and residency.

Offline verification includes certified copies of identity documents. For non-resident individuals, certification can be done by foreign banks, notary courts, lawyers, or embassies.

Video-based Customer Identification Process is permitted for Indian nationals and eligible low-risk NRIs. Public databases and reputable commercial sources may also be used for low-risk customers.

Lawyers outside India are permitted to certify documents for non-resident individuals.

Video-Based Customer Identification for NRIs

V CIP is an optional method for onboarding low-risk NRI customers. Specific conditions apply.

The NRI must have Aadhaar, an active Indian mobile number, and residence in approved jurisdictions such as the USA, UK, UAE, Singapore, or EU countries.

If the current address cannot be verified independently, the account must be opened in debit freeze mode. The account becomes operational only after verification of the first credit from the overseas bank account.

Cybersecurity standards prescribed by IFSCA must be followed strictly. Generic video platforms are not allowed for onboarding.

Responsibilities in Fund Management and AIF Structures

For Alternative Investment Funds, the Fund Management Entity remains responsible for business risk and customer risk assessment. Customer risk assessment cannot be outsourced.

CDD activities may be performed by third parties only under the permitted reliance framework. Audit oversight of AML processes may be included within the FME audit scope.

Suspicious Transaction Reporting

Suspicious transactions must be reported to FIU IND without delay once suspicion is confirmed. The Principal Officer is responsible for timely filing.

Information on suspicious transactions can be shared internally for compliance purposes with regulators, lawyers, or under court orders. Unauthorised disclosure is prohibited.

Countering Terrorist Financing and Sanctions Compliance

If a customer matches any designated sanctions list, immediate action is required. Funds must be frozen, and authorities, including FIU IND, IFSCA, and nodal officers, must be informed without delay.

Without delay means the same business day and not later than 24 hours.

Clear procedures exist for freezing and unfreezing assets when individuals are wrongly affected. These actions must follow formal verification and written orders from the designated authorities.

Why This Matters for IFSC Entities

The AML CFT KYC framework in GIFT City is designed to align India with global financial standards. Strong compliance protects institutions, investors, and the international reputation of the IFSC.

Clear governance, structured reporting, and robust customer verification are no longer optional. They are core operational requirements.