9870310368 8860712800


Learning » IFSCA » Record-Keeping under IFSCA AML/CTF Guidelines 2022

SP Services

Record-Keeping under IFSCA AML/CTF Guidelines 2022

Nikhil Mogha

| Updated: Nov 23, 2022 | Category: IFSCA

Record-Keeping under IFSCA AML/CTF Guidelines 2022

The word record keeping can be defined as the process of gathering data in a predefined manner and preserving it for future purposes. The record must be maintained by the regulated entity in the process of maintaining business relations with the customer, following the guidelines of IFSCA on Anti-money laundering/Counter-terrorist financing. The record-keeping helps the regulated entity to provide the documents promptly to the regulatory authorities upon request. It enables a smooth flow of information and record of data of various customers in one place. The present article will discuss in detail the provisions for record-keeping under chapter–IX of the guidelines.

What records are to be maintained by the Regulated Entity?     

The IFSCA guidelines on AML/CTF provide that the regulated entity shall maintain records of the customer information for at least 6 years or such period as prescribed under the applicable laws from the date on which the transaction is completed or the business relationship has ended. It is further mandated that the regulatory authority shall be able to provide information to the regulatory authority or any other agency immediately a copy of records upon request.

Documents for Record-keeping

  • Copy of information obtained at the time of undertaking initial and ongoing Customer Due Diligence.
  • Records of business relationship with the customer (original & Certified copies), including:
    • Communication through letter, E-mail etc. and other information related to the account of the customer.
    • Adequate transaction records to enable a standalone transaction to be reconstructed.
    • Record of internal findings and analysis relating to business transactions which may be reported as usual or suspicious.
  • Notification by an employee to the principal officer relating any suspicion of ML or TF risks.
  • Suspicious transaction report and any other related document or information.
  • Any other communications made with the financial intelligence Unit.
  • Documents related to Risk-assessment[1]
  • Any documents that are required to be expressly maintained by the regulated entity.

Documents kept outside the IFSC

If the documents are kept outside the IFSC, the regulated entity is required to take the necessary steps:

  • Take reasonable measures to ensure that record-keeping of documents is undertaken according to the IFSCA guidelines on AML or CTF.
  • Make sure that records are easily accessible.
  • Make sure that the record-keeping documents are made available to the authority immediately upon request.

What are Risk Assessment Documents?

The chapter on record keeping provides that the regulated entity shall maintain documents and record-keeping of all the documents. The entity shall also made available all the documents and information to the authority upon request including:

  • Documents related to business risk assessment
  • Documents relating to the manner of conducting a business risk assessment.
  • Documents related to customer risk assessment
  • Information on the determination of risk rating of customer

What are the other conditions for Record Keeping under the guidelines?

The other relevant conditions for record-keeping under the guidelines are:

1. The records of all the documents and information may be kept in the electronic mode provided that the documents and information are made available to the authority immediately on demand.

2. Where it is uncertain to determine the date on which the business relationship has ended, in that case, the relationship will be presumed to have been ended on the date on which the last transaction is completed.

3. The regulated entity shall adequately maintain and preserve the records in a manner that enables:

  • Data to be retrieved quickly & easily whenever required or demanded by the authority.
  • The authority to assess the regulated entity’s compliance with the related laws.
  • Identification of third-party or customer
  • Reconstruction of any transaction entered by the regulated entity on behalf of a third-party or customer.

How to maintain Record-keeping if there are data protection laws?

The chapter on Record-keeping provides that the Regulated entity shall verify if there exist any data protection laws that would restrict access to the documents and information. In case if there exist any such laws, the regulated entity is required to obtain the certified copies and preserve such copies in the jurisdiction that allows access to:

  • Regulated entities
  • Authority
  • Law Agencies of India


The record-keeping enables the regulated entity to ensure that the records are maintained and preserved so that it can be made accessible to the authority and other law enforcement agencies. Further, to ensure that the records are made available to the authority immediately, the entity may require to keep the records in electronic format. The guidelines enable the regulated entity to ensure that the entity remains updated with all the information on customers or third-party. Moreover, it also allows the regulatory authority to maintain scrutiny over the affairs of the regulated entity while maintaining business relations with the customer or third party.

Read Our Article: Significance of Bookkeeping and Maintenance of Accounting Records

Nikhil Mogha

An Advocate by profession, Nikhil Mogha holds experience in the field of Business and Securities law. He has done his Masters of Law in Corporate Law from Guru Gobind Singh Indraprastha University, New Delhi. He is also versed with the drafting and research work in the field of Company Law, Banking Laws and Contract Laws.

Business Plan Consultant

No Comments

Leave a Reply

Request A Call Back

Are you human?: 3 + 8 =


Startup CFO

Trending Articles

Hey I'm Suman. Let's Talk!