Publication
Proposed changes to Alberta’s Freedom of Information and Protection of Privacy Act
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Global | Publication | October 2024
This publication is a cooperation between Norton Rose Fulbright and Indian law firm Cyril Amarchand Mangaldas. In case of any questions to the CAM team, please reach out to Faraz Alam Sagar, Sara Sundaram or Kritika Angirish.
For many global organisations, finding the right balance between having global, unified compliance programs, and the need to address local legal and compliance risks, is a challenge. In this blog, we will address the challenge that money laundering and related issues presents to Indian companies operating in Europe.
Recent regulatory developments in India affect Indian companies’ duties and responsibilities in relation to the identification, combating, and the reporting of money laundering. These changes have already triggered many Indian companies to revisit their compliance programs and put in place new mechanisms to reduce Anti-Money Laundering (“AML”) risks.
In this blog, we suggest that Indian companies operating in Europe should pay attention to the parallel developments of AML regulations in Europe which may affect them as well. After providing an overview of recent developments regarding AML legislation in India, we move to developments in that field in Europe. Considering these parallel developments, we propose that international companies based in India which (partly) operate in Europe as well, may want to design a robust, internal compliance and control system that addresses both legislative requirements and allow those companies to be compliant in all relevant jurisdictions.
India has been a member of the Financial Action Task Force (“FATF”) since 1989, which in turn has been focusing on two key areas regarding AML: the effectiveness and technical compliance of companies’ internal compliance systems. India has undertaken the following changes to further strengthen its AML regime:
Enlarging the definition of ‘reporting entity’
Persons who are responsible for notifying and conducting AML diligence are categorised as ‘reporting entities’ and include banking companies, financial institutions (“ FIs” ), intermediaries and professions or persons carrying on a designated business.
In 2023, the Indian government implemented a few amendments to the Prevention of Money Laundering Act, 2002 (“PMLA”) and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (“PML Rules”). The government added to the category ‘professions or persons carrying on a designated business’1 to include additional professionals, consultants and businesses2 as ‘reporting entities’, for example those who are carrying out certain financial activities on behalf of clients.
There is ambiguity about the scope of the applicability of the amendments, as the phrases ‘in the course of business on behalf of or for another person’ and ‘arranging for another person to act as’ are unclear or have not been clarified or defined yet. Nevertheless, and despite the limited clarity, the intention is likely to bring more professionals, consultants and businesses within the scope of PMLA.
Duties of a reporting entity
Because of these recent amendments to the PML Rules, it is now necessary to implement group-wide AML and Combating the Financing of Terrorism (“CFT”) policies, particularly for entities that form part of a group. These policies emphasize sharing information for client due diligence and AML/CFT purposes, while maintaining confidentiality and the prevention of tipping-off. Additional changes may include:
The documentation required for due diligence should now include more comprehensive information about the client's structure and operations.
The Master Directions of the Reserve Bank of India (“RBI”) consolidates instructions on rules and regulations framed by the RBI under various Acts, including issues relating to non-financial institutions. The Know Your Customer (KYC) Direction (2016) of the RBI applies to companies governed by the RBI, which includes branches and subsidiaries in which entities outside of India have a majority stake, provided they do not violate local laws. Subsidiaries of foreign-incorporated banks are therefore encouraged to apply the stricter regulation between the RBI norms and their home country regulators.
EU Regulation matters for Indian companies
While the EU regulatory framework on AML is primarily designed with companies originating in Europe in mind, there are many instances where it may be required, or at least beneficial for foreign companies, such as Indian companies operating in Europe, to consider implementing relevant compliance measures and ensure they are prepared in the following instances:
In conclusion, Indian companies operating in Europe must be aware of the implications and potential effects of the EU regulatory framework, even if their domestic regulations differ. This may involve implementing stricter internal controls, enhancing record-keeping practices, and ensuring that staff are adequately trained in AML procedures. As the EU continues to tighten its AML regulations, foreign companies with ties to Europe must take a proactive approach in maintaining compliance to avoid facing legal and financial risks.
Risk of non-compliance
Since the implementation of the 2018 Directive on combating money laundering through criminal law, there is a harmonized baseline across the EU that mandates a minimum imprisonment term of four years for intentional offences. For legal entities, the Directive prescribes severe penalties, including temporary or permanent bans from commercial activities, judicial supervision, or even a judicial order for dissolution.
Irrespective of the fact that there may be no directly applicable regulation to foreign companies, even non-financial institutions are exposed to elementary risks if they become involved in money laundering (“ML”) activities as a result of inadequate precautionary measures:
What do Indian companies need to know?
As already indicated, AML regulations are complex and multi-layered, and are mostly tailored to FIs. Moreover, the current framework for (foreign) non-financial businesses remains quite underdeveloped. However, (foreign) non-financial businesses are not entirely excluded from AML regulations. In fact, there has been an increasing trend to include these as well.
In June 2024 the EU published a new Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (Reg. 2024/1624, the “AML Regulation”) as part of a broad AML legislation package. The AML Regulation will be directly applicable without transformation into national law of the member states as of 10 July 2027 and harmonize minimum standards for AML Compliance, some of which are also directly relevant for (foreign) non-financial businesses:
In addition, non-financial businesses are indirectly affected by the stringent AML requirements on FIs and DNFBPs, as those FIs and DNFBPs increasingly demand non-financial businesses for respective information, e.g. the proof of funds, to fulfil their obligations under the regulatory framework. As a result, non-obliged entities will also have to ensure AML compliance , as well as not indirectly facilitating ML/TF activities, particularly through their supply chains or client transactions, to have access to regulated financial service providers.
While enforcement actions against non-financial businesses in the EU have been less frequent in the past, the current trend suggests that increased scrutiny and enforcement in this sector is likely to arise in the future:
This evolving enforcement landscape underscores the need for non-financial businesses to remain vigilant and proactive in understanding and adapting to AML obligations, even if they are not directly regulated under current frameworks.
The developments and trends as set out in section II and III both in India and Europe, may require companies to react to this by renewing their compliance programs and control systems.
Although financial institutions in India have already been subject to a set of obligations by the PMLA, including assessing client referrals, performing due diligence on complex corporate structures, integrating KYC processes, storing biometric and personal data, and tracing the source of funds or financial positions, the widened scope of ‘professions or persons carrying on a designated business’ may pose as a challenge for the new in-scope professions, especially when guidance by the regulator on this is lacking. Moreover, the future trajectory of the Indian companies in the international space depends on their ability to integrate international compliance standards and implement rigorous approaches to combating suspicious activities and KYC standards.
The EU has demonstrated its commitment to pursuing a comprehensive AML strategy by adopting its new package in the summer of 2024. This shows not only the intention to continue with extensive regularisation, but also to intensify efforts in enforcing consistent standards across the board. The focus is now shifting towards new sectors and business models outside the traditional field of financial institutions.
In the course of these developments, Indian companies may consider familiarising themselves with changing European regulations and standards if they want to operate across borders or rely on European suppliers in a careful and compliant manner.
Because of all this, companies should prepare in time and may consider the following:
Publication
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Publication
On December 15, amendments to the Competition Act (Canada) (the Act) that were intended at least in part to target competitor property controls that restrict the use of commercial real estate – specifically exclusivity clauses and restrictive covenants – came into effect.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023