By Shahi & Co., Chartered Accountants · New Delhi · 21 May 2026
The Financial Intelligence Unit – India (FIU-IND) is the nerve centre of India's anti-money laundering architecture. Registration with FIU-IND is not a procedural formality — it is a legal obligation under the Prevention of Money Laundering Act, 2002 (PMLA) for every entity that qualifies as a Reporting Entity. Failure to register, failure to maintain records, or failure to file mandatory reports can result in fines of up to Rs. 1 lakh per day, imprisonment of up to 7 years, and personal liability of directors and the Principal Officer. This guide provides a definitive, legally accurate walkthrough of the entire FIU-IND registration process, documents required, reporting obligations, and the compliance framework every Reporting Entity must put in place.
The Financial Intelligence Unit – India (FIU-IND) was established on 18 November 2004 by the Government of India under the Department of Revenue, Ministry of Finance. It functions as India's central national agency for receiving, processing, analysing, and disseminating financial intelligence.
FIU-IND operates under the statutory framework of the Prevention of Money Laundering Act, 2002 (PMLA) and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005. Its mandate is to combat money laundering, terrorist financing, and related financial crimes by:
The statutory basis for FIU-IND registration and reporting obligations is Section 12 of the PMLA 2002, read with the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 as amended. The Rules define Reporting Entities, specify which transactions must be reported, and set the timelines and procedures for compliance.
The term "Reporting Entity" is defined in Section 2(wa) of PMLA 2002 as: "a banking company, financial institution, intermediary or a person carrying on a designated business or profession."
In practice, every entity in the following categories must mandatorily register with FIU-IND:
| Category | Examples | Regulatory Authority |
|---|---|---|
| Banking Companies | Scheduled Commercial Banks, Co-operative Banks, Regional Rural Banks, Urban Co-operative Banks | RBI |
| Financial Institutions | NBFCs, Housing Finance Companies, Chit Fund Companies, Nidhi Companies | RBI / NHB |
| Insurance Companies | Life insurers, general insurers, health insurers, insurance intermediaries/brokers | IRDAI |
| Capital Market Intermediaries | Stockbrokers, sub-brokers, share transfer agents, depository participants, portfolio managers, merchant bankers | SEBI |
| Collective Investment Vehicles | Mutual Funds, Alternative Investment Funds (AIFs), REIT/InvIT managers | SEBI |
| Payment System Operators | Payment aggregators, prepaid instrument issuers, cross-border money transfer entities | RBI |
| Real Estate | Real estate developers and agents involved in sale/purchase of immovable property | State RERA |
| Precious Metals & Stones | Dealers in gold, silver, diamonds, gemstones, jewellers | — |
| VDA Service Providers | Crypto exchanges, NFT platforms, VDA custodians, VDA transfer/exchange service providers (from 1 March 2023) | FIU-IND |
| Designated Persons / Professionals | CAs, CSs, CMAs — for specified transactions under Rule 2(1)(cb) | ICAI / ICSI / ICMAI |
There is no size exemption under PMLA. A single-person CA firm, a small jeweller, a startup crypto exchange, and a large bank are all equally required to register with FIU-IND if they fall within the definition of Reporting Entity. Turnover, number of employees, or volume of transactions does not determine the obligation — the nature of the activity does.
CAs, CSs, and CMAs are classified as Reporting Entities under Rule 2(1)(cb) of the PMLA (Maintenance of Records) Rules, 2005 when they carry out the following "designated transactions" on behalf of clients:
If your CA firm: (a) advises on property transactions and is involved in the financial aspects; (b) handles client funds or operates client accounts; (c) assists in company formation and capitalization; or (d) manages corporate structures — you are a Reporting Entity under PMLA. You must register with FIU-IND, appoint a Principal Officer, implement KYC procedures, and file STRs when there is reason to suspect money laundering.
Tax compliance work (ITR filing, GST returns, audit) that does not involve the above designated transactions is generally not covered. However, if any engagement involves managing client money or structuring transactions, PMLA obligations apply.
The Finance Act 2023 inserted PMLA provisions relating to Virtual Digital Assets (VDAs) effective 1 March 2023, through the Prevention of Money Laundering (Maintenance of Records) Third Amendment Rules, 2023. This was a landmark regulatory development — India became one of the first jurisdictions globally to bring crypto assets fully within the AML framework.
A "Virtual Digital Asset Service Provider" under PMLA includes any person or entity that, as a business, conducts one or more of the following activities on behalf of another person:
All VDA service providers must: (1) Register with FIU-IND via FINnet portal; (2) Implement full KYC/CDD — collect and verify government-issued photo ID, address proof, and source of funds for all customers; (3) Apply EDD for high-value transactions, politically exposed persons (PEPs), and customers from FATF high-risk jurisdictions; (4) File STRs within 7 days of suspicion; (5) File CTRs for aggregate cash/crypto transactions above Rs. 10 lakh/month; (6) File CBWTRs for cross-border crypto transfers equivalent to USD 25,000 or above; (7) Maintain all transaction records and KYC documents for 5 years.
All documents must be current, self-attested or digitally signed, and uploaded in PDF format on the FINnet portal. Ensure all IDs are within validity period.
| Document | Specification | Applicable To |
|---|---|---|
| PAN Card of Entity | Permanent Account Number issued by Income Tax Department | All entities |
| Certificate of Incorporation / Registration | MCA-issued certificate for companies; ICAI CoP for CA firms; RBI licence for banks/NBFCs; IRDAI licence for insurers; SEBI registration for brokers/MFs; State RERA for real estate; ICSI/ICMAI for CS/CMA firms | All entities — applicable certificate |
| GST Registration Certificate | GSTIN certificate from GSTN portal (if registered for GST) | Most entities (if turnover exceeds threshold) |
| Registered Address Proof | Utility bill (electricity/telephone), bank statement, or registered rent/lease agreement — not older than 3 months | All entities |
| Principal Officer — PAN | PAN card of the appointed Principal Officer | All entities |
| Principal Officer — Identity & Address Proof | Aadhaar card or Passport of the Principal Officer | All entities |
| Principal Officer — Appointment Letter / Board Resolution | Board Resolution (for companies) or partner resolution/authorisation letter officially appointing the Principal Officer | All entities |
| Designated Director — PAN & Identity Proof | PAN and Aadhaar/Passport of the Director/Partner designated as Designated Director under PMLA | All entities |
| List of Directors / Partners | Current list of all directors (Form MCA Master Data) or partnership deed for firms | Companies and LLPs/Partnerships |
Before attempting to register online, complete the internal governance steps. Pass a Board Resolution (for companies) or Partner/Firm Resolution formally appointing:
Obtain official appointment letters on company letterhead with resolution date and authorisation details. Keep both individuals' KYC documents (PAN, Aadhaar/Passport) ready.
Go to fiuindia.gov.in → Click "Registration" or "New Entity Registration". You will be asked to select your entity category from a dropdown. Categories include:
Select the category that most accurately describes your primary business activity. If your entity falls under multiple categories, register under all applicable categories.
The FINnet registration form requires:
All information entered must exactly match the documents being uploaded. Any discrepancy — even a minor name mismatch between PAN and the certificate of registration — will lead to rejection and require fresh submission. Review every field carefully before submitting.
Upload each document as listed in Section 5 of this guide. FINnet portal accepts PDF files only, with each file typically limited to 2–5 MB. Ensure:
After uploading all documents, review the complete form one final time. Click "Submit". The portal will generate an Application Reference Number (ARN) — note this number carefully as it is needed for all future correspondence with FIU-IND regarding your application. A system-generated acknowledgement email will be sent to the Principal Officer's registered email.
FIU-IND will review the application and documents. If the application is complete and documents are in order, the FIU-ID (Registration Number) is issued by email to the Principal Officer. Use this FIU-ID to log into the FINnet portal and begin filing reports. If FIU-IND raises a query or requests additional documents, respond promptly through the FINnet portal or by email, as delays will reset the processing timeline.
| Stage | Typical Duration | Notes |
|---|---|---|
| Internal Preparation (Board Resolution, Documents) | 1–3 days | Depends on internal governance speed |
| FINnet Form Filling & Document Upload | 1 day | Allow 2–3 hours for first-time users |
| FIU-IND Verification (complete submissions) | 7–15 working days | No statutory deadline; FIU-IND processes as per workload |
| FIU-IND Query (if raised) | Adds 5–10 working days per query | Respond promptly to avoid further delay |
| Total — Clean Application | 10–18 working days | Assuming first-time complete submission |
Reporting entities must be aware that PMLA compliance obligations do not begin only after registration. The legal obligation to maintain records, implement KYC/AML procedures, and file reports arises from the moment the entity qualifies as a Reporting Entity — not from the date of FIU-IND registration. Pending registration, entities should immediately implement internal AML controls, maintain KYC records, and document all potentially reportable transactions.
Registration with FIU-IND is merely the beginning. The substantive compliance obligations under PMLA are continuous and ongoing. Every Reporting Entity must establish and maintain a comprehensive AML (Anti-Money Laundering) / CFT (Counter Financing of Terrorism) compliance framework comprising:
Every Reporting Entity must have a documented, Board-approved AML/KYC Policy covering: customer acceptance criteria, risk categorisation of customers (low/medium/high), KYC documentation requirements for each category, transaction monitoring parameters, STR/CTR filing procedures, training programme for staff, and internal audit/review mechanism.
PMLA requires a risk-based approach — not a one-size-fits-all model. Entities must assess and categorise each customer by risk level and apply proportionate due diligence:
| Risk Category | Customer Profile | Due Diligence Level |
|---|---|---|
| Low Risk | Salaried individuals, small businesses with known income sources, government entities | Standard CDD — basic KYC documents |
| Medium Risk | Self-employed, SMEs, new customers, cash-intensive businesses | Standard CDD + source of funds verification |
| High Risk | PEPs (Politically Exposed Persons), customers from FATF high-risk countries, NRIs/foreigners, unusual transaction patterns, VDA transactions | Enhanced Due Diligence (EDD) — senior management approval, detailed source of funds/wealth, enhanced ongoing monitoring |
| Report Type | Full Name | Trigger | Filing Deadline | Applicable To |
|---|---|---|---|---|
| STR | Suspicious Transaction Report | Any transaction (regardless of amount) where there is reasonable ground to suspect money laundering, terrorist financing, or tax evasion | Within 7 working days of suspicion forming | All Reporting Entities |
| CTR | Cash Transaction Report | All cash transactions aggregating Rs. 10 lakh or above in a month (by a single customer or connected customers) | By 15th of following month | Banks, NBFCs, financial institutions; applicable to dealers in precious metals for large cash purchases |
| CBWTR | Cross Border Wire Transfer Report | All cross-border wire transfers of USD 25,000 or above (equivalent in any currency) | By 15th of following month | Banks, financial institutions, payment system operators, VDA service providers for crypto |
| CCR | Counterfeit Currency Report | Detection of counterfeit Indian currency notes | As soon as detected | Banks, financial institutions |
| NTR | Non-Profit Organisation Transaction Report | Transactions received from or transferred to NGOs/charitable trusts above prescribed thresholds | By 15th of following month | Banks and financial institutions |
Section 45C of PMLA makes it an offence to "tip off" a customer that their transaction has been reported as suspicious (STR) to FIU-IND, or that an investigation has been commenced. Reporting Entities must ensure that the STR filing process is strictly confidential and known only to the Principal Officer and a small need-to-know team. Tipping off is a standalone criminal offence separate from the underlying money laundering charge.
Know Your Customer (KYC) norms under PMLA are set out in Rules 9 and 9A of the Prevention of Money Laundering (Maintenance of Records) Rules, 2005. All Reporting Entities must:
EDD must be applied to all high-risk customers, including:
Under Section 12 of PMLA 2002 read with Rule 3 of the PMLA Rules, all Reporting Entities must maintain the following records for a minimum of 5 years:
| Record Type | Retention Period | Format |
|---|---|---|
| KYC documents of customers | 5 years from the date of cessation of business relationship | Physical or electronic |
| Transaction records (date, amount, currency, accounts, parties) | 5 years from the date of the transaction | Physical or electronic |
| STRs and supporting documentation | 5 years from the date of filing | Confidential — restricted access |
| CTRs, CBWTRs, NTRs | 5 years from the date of filing | Electronic records on FINnet portal |
| Correspondence with FIU-IND | 5 years | Physical or electronic |
| Internal suspicious transaction investigation records | 5 years | Confidential — restricted access |
Electronic records are permissible under PMLA. However, they must be stored in a secure, tamper-evident system with restricted access and audit trails. Backup procedures must ensure records are not lost due to technical failure. The Enforcement Directorate has powers to requisition these records at any time — maintenance of organised, searchable records is therefore essential.
The penalty framework under PMLA 2002 is stringent and applies to Reporting Entities, their officers, and the Principal Officer personally. Non-compliance at any level — from failure to register to failure to file a single STR — attracts consequences.
| Violation | Section | Penalty |
|---|---|---|
| Failure to register / maintain records / file reports | Section 13(1) PMLA | Fine: Rs. 10,000 to Rs. 1,00,000 per day of default |
| Repeat violation after first penalty | Section 13(2) PMLA | Fine: Rs. 1,00,000 per violation in addition to daily fine |
| Money Laundering Offence | Section 4 PMLA | Rigorous imprisonment: 3 to 7 years + fine; up to 10 years for NDPS offences |
| Tipping off a customer about STR / investigation | Section 45C PMLA | Criminal offence — imprisonment and fine |
| Failure to provide information to FIU-IND | Section 12 read with Section 13 | Fine up to Rs. 1,00,000 per day |
| Attachment and confiscation of proceeds of crime | Sections 5, 8, 9 PMLA | ED can provisionally attach property without conviction; confirmed by PMLA Adjudicating Authority |
| Officers-in-default (Director / Partner / Principal Officer) | Section 70 PMLA | Personal liability — same penalties apply to every person in charge at the time of offence |
PMLA enforcement by the Enforcement Directorate operates independently of and in addition to regulatory action by RBI, SEBI, IRDAI, or other sector regulators. A Reporting Entity may simultaneously face: (a) SEBI action for securities law violations; (b) RBI action for KYC/AML guideline violations; AND (c) ED prosecution under PMLA for money laundering — even where the underlying funds were from tax evasion (income tax violations are predicate offences under PMLA).
Not necessarily all CA firms. Only those that carry out designated transactions as defined in Rule 2(1)(cb) of the PMLA Rules 2005 — specifically, transactions involving real estate, management of client money or assets, company formation, or buying/selling of businesses. A firm that only does audit, ITR filing, and GST compliance (without handling client money or property transactions) is generally not required to register. However, if any engagement crosses into designated transaction territory, registration becomes mandatory immediately.
Register immediately. The penalty under Section 13 is calculated per day of default — so every day without registration increases exposure. There is no amnesty scheme under PMLA. However, registering proactively and demonstrating good faith compliance going forward can be a mitigating factor if regulators or the ED review the matter. It is advisable to take legal advice on the specific exposure and remediation steps.
Changes to the Principal Officer or Designated Director must be updated on the FINnet portal within 30 days of the change. This requires uploading the new appointment Board/Partner Resolution, the new officer's KYC documents, and updating all contact details. FIU-IND must always have current contact information for the Principal Officer — all communications relating to STR queries, investigations, and enforcement matters are routed through this person.
STRs filed with FIU-IND are processed and analysed by FIU-IND, which may then share financial intelligence with authorised enforcement and intelligence agencies including the Enforcement Directorate (ED), CBI, Income Tax Investigation Wing, SEBI, Narcotics Control Bureau (NCB), and intelligence agencies. FIU-IND does not automatically share every STR with every agency — it disseminates actionable intelligence based on pattern analysis. However, a Reporting Entity has no control over how FIU-IND uses the STR after filing.
Yes. Branches of foreign banks operating in India are subject to Indian PMLA and must be registered with FIU-IND. The Indian branch/subsidiary is treated as a distinct Reporting Entity under PMLA 2002, irrespective of the parent bank's AML registration in its home country. The branch's Indian Principal Officer is responsible for all FIU-IND filings for the Indian operations.
Navigating PMLA compliance — from FIU-IND registration to establishing a full AML/KYC framework — requires careful attention to evolving regulatory requirements. Shahi & Co., Chartered Accountants assists businesses, financial institutions, VDA service providers, and CA firms in assessing their Reporting Entity status, completing FIU-IND registration, drafting AML/KYC policies, training staff, and establishing ongoing STR/CTR reporting procedures.