NBFCs' Combat Against Money Laundering Risk and their Forward Trajectory

Money laundering continues to plague global financial systems, presenting a formidable challenge to their integrity. These illicit activities have infiltrated various financial channels, including Non-banking Financial Companies (NBFCs), complicating the task of tracking, and mitigating them.

Money laundering, a process to conceal the origin of illicit funds, poses a significant challenge to the integrity of financial systems worldwide. It spans across various financial products, services and transactions, including lending and investment activities.

The regulatory landscape for NBFCs in India is evolving to address emerging risks and ensure compliance with stringent Anti Money Laundering (AML) and Know Your Customers (KYC) standards. The introduction of the Scale Based Regulation - Master Directions ('SBR Master Directions') represents a shift towards a risk-based classification framework, enhancing the effectiveness of oversight.

Global Scenarios

The Financial Action Task Force (FATF) has set global standards to combat terrorist financing and money laundering. The FATF, an intergovernmental body, promotes international AML/ Combatting Financing of Terrorism (CFT) standards through its 40 Recommendations, guiding AML policies in over 190 jurisdictions, covering customer due diligence, transaction monitoring, reporting of suspicious activity, and international cooperation.

The Corporate Transparency Act, part of the U.S. Anti-Money Laundering Act of 2020, fill loopholes for shell companies to evade AML measures and sanctions. Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Treasury, issues guidance and regulations under the Bank Secrecy Act (BSA) to aid compliance with AML laws.

In the UK, the Money Laundering Regulations 2017 (MLR 2017) govern AML efforts, mandating customer due diligence, risk assessments, and record-keeping to combat money laundering and terrorist financing.

The EU's 6th Anti-Money Laundering Directive (6AMLD), fully adopted in 2021, enhances the EU's AML framework by expanding due diligence, requiring enhanced measures for high-risk countries and imposing new reporting requirements for financial institutions.

India’s Perspective

The Prevention of Money Laundering Act, 2002 (PMLA) in India defines money laundering offenses and empowers authorities to freeze, seize, and confiscate crime proceeds. The process of money laundering typically involves three stages:

i. Placement: Illicit funds enter the financial system.

ii. Layering: Funds are moved through complex transactions to obscure their origin.

iii. Integration: Funds are reintroduced into the legitimate economy, making their origin difficult to trace.

Under Section 12 of the PMLA, reporting entities are required to:

i. Keep records of all transactions for five years from the date of the transaction.

ii. Provide transaction information to the Director within prescribed timelines.

iii. Maintain documents evidencing client and beneficial owner identities for five years after the business relationship ends or the account is closed, whichever is later.

In India, NBFCs play a vital role in the financial ecosystem, facilitating transactions and catering to the credit needs of the economy. Recent statistics from the Reserve Bank of India (RBI) underscore the substantial contribution of NBFCs to the flow of resources, highlighting their significance in the financial sector. However, this prominence also makes them susceptible to exploitation by criminal elements seeking to launder illicit funds or finance terrorist activities. According to the recent RBI data as of October 30, 2023, there are a total of 9356 NBFCs registered with the RBI. Among these, 10 fall under the upper layer classification, 446 under the middle layer, and 8900 under the base layer.

Recognizing the gravity of these threats, the RBI has issued comprehensive KYC guidelines for all NBFCs. These guidelines, in alignment with recommendations from the FATF, aim to strengthen AML standards and CFT policies.

Furthermore, the RBI, through its Master Direction dated February 25, 2016, and subsequent updates, has laid down detailed guidelines for NBFCs to comply with AML standards.

The objectives of these guidelines are following:

i. Preventing NBFCs from being used for money laundering activities.

ii. Enhancing understanding of customers and their financial dealings.

iii. Establishing controls for detecting and reporting suspicious activities.

iv. Ensuring compliance with applicable laws and regulatory guidelines.

v. Providing adequate training for staff on KYC/AML/CFT procedures.

Rise in Money Laundering cases

In 2018, the Ministry of Finance's Financial Intelligence Unit (FIU) took a significant step by releasing a list of 9,491 "high-risk financial institutions" on account of non-compliance with PMLA and PML Rules. This list aimed to alert enforcement agencies, both domestic and international, about potential instances of money laundering within these entities.

According to the RBI Annual Reports for the years 2024, there were 281 cases of financial institutions facing penalties totalling INR 86.11 crores. The primary reasons behind these penalties included:

i. Violations of Exposure Norms.

ii. Non-compliance with Unique Customer Identification Code (UCIC), KYC, Depositor Education and Awareness Fund (DEAF) requirements.

iii. Contraventions of the Supervisory Action Framework (SAF).

iv. Failure to adhere to Fraud Classification Guidelines.

v.? Breaches in Norms related to Advances to Directors & Key Management Professionals.

These cases of non-compliance often stem from several underlying issues within the organizations, such as:

i. Escalating regulatory requirements and their complexities from RBI/PMLA/SEBI/IRDAI.

ii. Fragmentation of efforts within the organization to ensure comprehensive compliance.

iii. Reliance on error-prone spreadsheet-based tracking of compliance requirements and reporting.

iv. Lack of automation leading to substantial man-hours being dedicated to compliance and reporting processes.

Viable Antidote

Some of the mitigation strategies that organisations may adopt are following:

1. Customer Due Diligence - To prevent money laundering and illicit activities, financial institutions must verify customer identities with reliable documentation, understand their business and transaction patterns, assess associated risks, and regularly update customer information to maintain accuracy and relevance.
2. Enhanced Due Diligence – It involves obtaining extra information to better understand high-risk customers. It includes a detailed review of their background, funds, and transactions, increased monitoring, and requiring senior management approval before starting or continuing relationships with high-risk individuals.
3. Suspicious Activity Reports (SAR) - Effective preparation of SAR plays a vital role in enabling financial institutions to monitor and mitigate risks associated with financial crimes. SAR also serve to support the efforts of Financial Intelligence Units (FIUs) and law enforcement agencies. Investigators who possess deep knowledge of diverse money laundering methods are better equipped to comprehend various transaction patterns and customer behaviours.
4. Compliance of FIU-IND - With respect to designation of Principal Officer (PO), filing of Cash Transaction Report (CTR), Counterfeit Currency Report (CCR) and Suspicious Transactions Reporting (STR).
5. Fraud Risk Reduction - A well-executed customer onboarding process can deter fraudsters and help catch suspicious activity before it affects the business.
6. Conduct a risk assessment - Before conducting Enhanced Due Diligence, NBFCs must assess the risks associated with the customer. This includes factors such as the customer’s location, business activities, reputation, and ownership structure. This risk assessment should be based on a robust risk-based approach and should consider relevant local and international regulations.
7. Ongoing monitoring and Training requirements - It is an essential element of effective KYC procedures. Monitoring of transactions and its extent will be conducted taking into consideration the risk profile and risk sensitivity of the account. To create an effective Fraud Prevention Culture. Training should extend beyond fraud professionals, ensuring all staff understand the risks and security measures.
8. Establish a process for Incident Response – To develop response strategies for potential fraud scenarios, including information security breaches or internal fraud incidents. Validate these strategies against industry best practices.

Looking ahead, NBFCs needs to be remain vigilant against emerging threats and adapt their strategies to mitigate risks effectively. India is also bringing new disclosures for credit card issuers, fintech providers and payment aggregators on cross-border transaction in line with new standards of FATF by 2025.? The incorporation of advanced technologies and robust risk assessment methodologies will be pivotal in enhancing their AML frameworks. Moreover, fostering a strong culture of compliance through comprehensive training programs will empower NBFCs to stay ahead of illicit activities.