The International Financial Services Centres Authority (“IFSCA”) has issued a circular dated 2 January 2026 (“Circular”) introducing modifications, clarifications, and incorporations into the IFSCA (AML, CFT and KYC) Guidelines, 2022 (“AML Guidelines”). These changes reflect regulatory fine-tuning in response to operational experience, FATF standards, and evolving risk patterns.
- Scope, Applicability, and Exemptions
The recent updates clarify that the AML Guidelines apply to all Regulated Entities, while explicitly empowering the IFSCA to grant exemptions where appropriate. Specific exemptions have been introduced for:
- Global In-House Centres
- International Branch Campuses (“IBC”) and Offshore Education Centres (“OEC”)
- Financial Crime Compliance Service Providers, registered under IFSCA.
- (Book-keeping, Accounting, Taxation and Financial Crime Compliance Services) Regulations, 2024
- A Financial Institution providing services only to the entities in its ‘Financial Group’ which are in a country not identified in the public statement of FATF as ‘High-risk jurisdictions subject to call for action.’
- Recognition of KYC Registration Agencies (Clause 1.3.24A.)
The amended AML guidelines have introduced a new Clause 1.3.24A formally recognising KYC Registration Agencies (“KRAs”) under the IFSCA (KYC Registration Agency) Regulations, 2025, thereby introducing a centralised KYC infrastructure within IFSCs. This amendment is intended to align IFSC practices with the SEBI KRA framework and address operational inefficiencies arising from repetitive KYC processes across regulated entities. By enabling standardised collection, storage and retrieval of KYC records, the framework is expected to significantly reduce onboarding friction, particularly for customers dealing with multiple entities within a financial group.
- Acceptance of equivalent E-Documents as Officially Valid Documents (Clause 1.3.30.)
Under the third proviso to Clause 1.3.30 of the AML Guidelines, certain documents were recognised as valid alternatives where customers were unable to procure documents for proof of address. To enhance flexibility and streamline compliance, the IFSCA has now expressly recognised equivalent electronic documents as Officially Valid Documents. This modification is expected to significantly reduce operational friction, particularly for non-resident and cross-border clients, by enabling more efficient remote and technology-enabled onboarding.
- Confidentiality of Customer Risk Categorisation (Clause 4.1. (d))
Under Clause 4.1 of the AML Guidelines, a Regulated Entity is required to undertake a risk-based assessment and assign an appropriate risk rating to each of its customers. Prior to the modification introduced by the Circular, the AML Guidelines did not expressly classify customer risk assessments and risk categorisation as confidential information. The insertion of Clause 4.1(d) in the AML guidelines now expressly prohibits the disclosure of such information. This amendment is aimed at mitigating the risk of “tipping off,” a well-recognised vulnerability in anti-money laundering and counter-terrorist financing frameworks. By expressly safeguarding the confidentiality of customer risk assessments, the IFSCA has aligned the IFSC AML regime with international best practices governing suspicious transaction monitoring and reporting.
- Expanded Scope of Persons Acting on Behalf of Legal Arrangements (Clause 5.4.4.)
Clause 5.4.4 of the AML Guidelines expands the scope of persons acting on behalf of a customer by expressly extending the requirement for identification and verification of authority to legal arrangements, and not merely natural or legal persons. This clarification addresses potential structuring gaps that could be exploited through vehicles such as trusts, foundations and similar arrangements, where control and decision-making may be diffused or opaque. As a result, regulated entities are now expected to undertake enhanced scrutiny of complex ownership, control, and authorisation structures when onboarding or servicing such entities.
- Enhanced Due Diligence for Indian Beneficial Owners. (Clause 5.6.)
Under the IFSC AML Guidelines, where a Regulated Entity classifies a customer as high risk pursuant to its risk assessment, it is required to undertake Enhanced Customer Due Diligence (“EDD”). Prior to the modifications of AML guidelines, the application of EDD was risk-driven and undertaken on a case-to-case basis, with only customers assessed as high-risk being subjected to enhanced scrutiny.
To address the risk of “round tripping,” the IFSCA has, through the Guidance Note to Clause 5.6, introduced Point 9, mandating the application of EDD where the beneficial owner of an entity is an Indian national. In such cases, the Regulated Entity is required to undertake EDD and additional due diligence measures as specified under Clause 5.6(a)(ii), including verification of the source of funds, irrespective of the customer’s overall risk categorisation.
- Protection for Persons with Disabilities in KYC Decisions (Clause 5.10. (a))
The AML Guidelines introduce an important safeguard by providing that KYC onboarding or updation applications submitted by persons with disabilities (PwD) cannot be rejected in a mechanical manner, and that any rejection must be supported by recorded reasons reflecting due application of mind. This amendment seeks to embed principles of non-discrimination, fairness and proportionality within AML and KYC compliance processes, while ensuring that regulatory objectives are met without exclusionary outcomes.
- Periodic KYC Updation for Resident Indians (Clause 5.11.)
To rationalise the periodic KYC updation for resident Indian customers, a new proviso has been introduced by prescribing fixed timelines based on risk classification, namely.
- High Risk Customers: Once every 2 years
- Medium Risk Customers: Once every 8 years, and
- Low Risk Customers: Once every 10 years
with the stricter classification prevailing where differing risk assessments exist across entities within a financial group. This standardisation is intended to strike a balance between customer convenience and risk-sensitive compliance, while also promoting harmonisation of KYC practices across group entities.
- Suspicious Transaction Reporting (STR) (Clause 10.3.)
The AML Guidelines provide clarifications in relation to STR by expressly stating that the mere filing of an STR, by itself, cannot be a ground for restricting or discontinuing customer transactions. In addition, references to the physical address and contact details of FIU-IND have been removed, reflecting the transition to fully digitised and system-driven reporting mechanisms. These changes are aimed at preventing indiscriminate de-risking in the absence of due process, while modernising AML reporting channels in line with current regulatory practice.
- Mandatory Use of IFSC Banking Units for Wire Transfers (Clause 7.2.B.)
Clause 7.2 of the IFSC AML Guidelines governs the transfer of funds through wire transactions. Prior to the modification, the AML guidelines provided that wire transfers undertaken by financial institutions in the IFSC were required to originate from, or be received into, an account maintained with a Banking Unit in the IFSC.
Pursuant to the amendment of Clause 7.2B, the AML Guidelines now mandate that all wire transfers must be routed through an account maintained with a Banking Unit in the IFSC. With the exception where both the originator and the beneficiary are Regulated Entities acting on their own behalf or the transaction is carried out using credit, charge, debit, or prepaid cards used for the purchase of goods or services, provided that the card number accompanies all transfers arising from the transaction.
- Biometric and Aadhaar Face Authentication (Annexure I, Part II: Verification of Customer Identity)
Under Annexure I, Part II(1) of the AML Guidelines, the IFSC Authority has clarified that biometric-based e-KYC and Aadhaar face authentication are recognised as acceptable modes of customer identity verification, provided such verification is carried out by the Regulated Entity or its authorised business facilitators, and the use of Aadhaar is in compliance with the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. This clarification is expected to facilitate faster, remote, and lower-friction onboarding, particularly for retail and NRI customers. Further, under Point (8) of Part II of Annexure I to the AML Guidelines, the documents prescribed for verification of the identity of a legal person or legal arrangement have been expanded to expressly include equivalent electronic documents.
- Tightening of Address Verification for Foreign Nationals
Under the proviso to Point (7) of Part II of Annexure I of the AML Guidelines, the word “or” has been substituted with “and” thereby tightening the address verification requirements applicable to foreign nationals. As a result, proof of address must now comprise both documents issued by foreign government authorities and a letter issued by the relevant Foreign Embassy or Mission in India, replacing the earlier framework which permitted reliance on either document. This amendment is intended to enhance the authenticity and reliability of address verification in cross-border onboarding and to mitigate risks arising from false residency claims and jurisdictional arbitrage.
- Modifications under Video-Customer Identification Procedure
Under Part A of Annexure II to the AML Guidelines, a Regulated Entity may use Video- Customer Identification Process (“V-CIP”) for undertaking customer due diligence at the time of onboarding of new customers or for the periodic updation of KYC. Clause 1.2.1 of the AML Guidelines prescribes the minimum infrastructure standards to be complied with by Regulated Entities opting for V-CIP.
Through the Circular, further clarification has been introduced under Clause 1.2.1(vii), specifying jurisdictional requirements for IP address origination during the V-CIP process. Accordingly, the IP address of resident Indian customers must originate from India. In the case of non-resident Indian customers, the IP address may originate from India or from the following jurisdictions:
(a) United States of America.
(b) Japan.
(c) South Korea.
(d) United Kingdom excluding British Overseas Territories.
(e) Canada.
(f) UAE.
(g) Singapore.
(h) Australia.
(i) European Union excluding Croatia.
These jurisdictions must not be identified by the FATF as high-risk jurisdictions subject to a call for action or jurisdictions under increased monitoring, nor be designated by the Central Government as high-risk jurisdictions for money laundering, terrorist financing, or proliferation financing. This clarification is intended to mitigate risks arising from VPN masking, geo-spoofing, and misrepresentation of customer location during digital onboarding, and is aligned with the FATF’s emphasis on the integrity and reliability of non-face-to-face customer due diligence.
- Debit Freeze Accounts for Address Non-Verification
Under Clause 1.2.3(iv) Part A Annexure-II of the AML Guidelines, as substituted through the Circular, a Regulated Entity is now required to open an account in debit-freeze or inactive mode for an NRI customer only where, during verification of proof of identity, the customer’s current address cannot be verified. This represents a departure from the earlier position, under which all NRI customers were mandatorily subjected to debit-freeze accounts at the time of onboarding, irrespective of address verification outcomes.
This measure seeks to balance financial inclusion objectives with AML safeguards by allowing account opening without permitting transactional activity until verification gaps are resolved. While this reduces the risk of outright rejection of NRI applications, it simultaneously ensures that potential misuse is effectively controlled until due diligence requirements are fully met.
The Circular can be accessed here
Disclaimer: The information published in the above newsletter is collected from various sources in electronic medium and analyzed by the firm. The reader is advised to consult the attorney qualified in their jurisdiction, before acting on any information contained in this newsletter. India Juris excepts no liability what so ever in this regard.
