IFSCA AML/CFT & KYC Amendments 2026: Key Compliance Changes for IFSC Entities

Regulation Name: Circular F. No. IFSCA-DAC/7/2024-AMLCFT
Date Of Issue: 15 Jan2026
Region: India
Agency: IFSCA

IFSCA AML/CFT & KYC Guidelines 2026 Amendments: Strategic Compliance Imperatives for IFSC Regulated Entities

On January 02, 2026, the International Financial Services Centres Authority (IFSCA) issued a critical circular (F. No. IFSCA-DAC/7/2024-AMLCFT) introducing substantive modifications and clarifications to the IFSCA (Anti-Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022 .

These changes materially impact onboarding, risk categorisation, enhanced due diligence (EDD), STR handling, NRI V-CIP onboarding, Aadhaar-based authentication, group KYC harmonisation, and exemption structures within India’s IFSC ecosystem.

For compliance leaders, MLROs, Principal Officers, and Governing Bodies operating in GIFT IFSC and other notified IFSCs, this circular demands immediate policy recalibration, operational adjustments, and board-level awareness.

This article provides:

• A clause-by-clause regulatory breakdown
• Strategic compliance interpretation
• Governance and operational implications
• Risk management recalibration points
• Implementation checklist for IFSC entities

Applicability and Exemptions: Structural Reframing of Scope

Revised Clause 1.2.1 – Applicability Expanded

The Guidelines now apply to every Regulated Entity licensed, recognised, registered or authorised by IFSCA, unless specifically exempted .

Additionally, the Authority retains discretion to exempt specific activities or entities.

Newly Inserted Exemptions – Clause 1.2.3

The following are now exempt from the Guidelines:

• Global In-House Centres (GICs)
• International Branch Campuses (IBCs)
• Offshore Educational Centres (OECs)
• Financial Crime Compliance Services Providers
• Financial Institutions serving only their Financial Group (subject to FATF conditions)

However:

Exempt entities must undertake Business Risk Assessment (BRA) and comply with PMLA provisions where AML risk is identified .

Strategic Insight for Compliance Leaders

This is not blanket deregulation. It is a risk-based exemption regime. BRA documentation becomes a regulatory defence document.

Failure to properly document BRA could expose exempt entities to enforcement risk.

KYC Infrastructure Modernisation: KRA & E-Document Recognition

Introduction of KYC Registration Agency (KRA)

Clause 1.3.24A formally recognises KRA under IFSCA KRA Regulations, 2025 .

This aligns IFSC KYC infrastructure with broader Indian financial architecture.

Recognition of Equivalent E-Documents

Multiple clauses now explicitly include “equivalent e-documents thereof” .

Compliance Implication

• Digital KYC workflows gain formal legitimacy.
• Technology integration with KRAs becomes strategically important.
• E-document verification audit trails must be preserved.

Confidentiality of Risk Categorisation – Anti-Tipping-Off Reinforcement

New clause 4.1(d):

Risk categorisation and reasons must remain confidential and not be revealed to customers .

Why This Matters

• Reinforces FATF anti-tipping-off principles.
• Prevents customer manipulation of monitoring thresholds.
• Requires internal access control frameworks.

Operationally, CRM systems must ensure customer-facing staff cannot disclose internal risk grading.

Enhanced Due Diligence: Indian Beneficial Owners & Round-Tripping Risk

New Guidance Note under Clause 5.6:

If the Beneficial Owner of an entity is an Indian National, the Regulated Entity must:

• Ascertain source of funds
• Apply enhanced due diligence (EDD)
• Regardless of assigned risk categorisation .

Regulatory Context

This targets:

• Round-tripping structures
• Layered offshore vehicles
• Regulatory arbitrage between IFSC and domestic jurisdiction

Compliance Impact

EDD becomes mandatory in defined structural scenarios — not just risk-scored cases.

This overrides pure algorithmic risk scoring.

KYC Rejection Safeguard for Persons with Disabilities (PwDs)

Clause 5.10 now mandates:

• No rejection of onboarding or KYC updation for PwDs without application of mind.
• Reasons must be recorded .

Governance Implication

• Introduce accessibility review in KYC SOP.
• Ensure audit logs capture officer-level reasoning.
• Avoid discriminatory rejection patterns.

Periodic KYC Updation: Harmonised Financial Group Framework

For resident Indian customers with existing client relationships in a Financial Group:

• High Risk: Every 2 years
• Medium Risk: Every 8 years
• Low Risk: Every 10 years

If group and RE risk categorisation differ:

The stricter periodicity applies.

Strategic Implication

Group-level risk governance now affects IFSC entity compliance.

This requires:

• Cross-entity KYC synchronisation
• Risk taxonomy alignment
• Centralised compliance dashboards

STR Handling Clarification: No Automatic Transaction Restriction

Guidance Note 2A under Clause 10.3:

Regulated Entities shall not restrict any transaction merely on the basis of an STR filed .

Why This Is Critical

This prevents:

• De-risking reflex behaviour
• Unlawful freezing without legal basis
• Customer rights violations

STR filing ≠ Transaction embargo.

Internal training must clarify this distinction.

FIU-IND Reporting & Governance Communication

Entities must:

• Communicate Designated Director & Principal Officer details to FIU-IND and IFSCA
• Furnish information as per Rule 3 & Rule 7 of PML Rules .

This strengthens accountability traceability at governance level.

Board oversight is implicit.

Aadhaar-Based Biometric and Face Authentication

Annexure I clarifies:

• Biometric-based e-KYC including Aadhaar Face Authentication is permitted
• Must comply with the Aadhaar Act, 2016 .

Compliance Note

Integration must:

• Respect consent architecture
• Ensure secure biometric storage controls
• Maintain authentication logs

NRI Onboarding via V-CIP – Jurisdictional Controls & IP Governance

Permitted IP Jurisdictions

For resident Indians: IP must emanate from India.

For NRIs: IP must emanate from India or specified jurisdictions including:

• USA
• UK (excluding BOTs)
• Japan
• South Korea
• Canada
• UAE
• Singapore
• Australia
• European Union (excluding Croatia) .

Subject to FATF not identifying such jurisdiction as high-risk.

Debit Freeze Mechanism

If address cannot be verified:

• Account opened in debit freeze / inactive mode
• Activation procedure must be communicated .

Compliance Architecture Required

• IP geolocation validation tools
• FATF jurisdiction screening overlay
• Automated debit freeze controls
• Activation workflow governance

DARPAN Portal Registration for Non-Profit Clients

Entities must:

• Register NPO clients on NITI Aayog DARPAN Portal
• Maintain records for five years post-relationship .

This aligns IFSC oversight with domestic NPO transparency controls.

Mandatory Banking Unit Channelisation (Clause 7.2.B)

All Financial Institutions must:

Transact or receive all monetary consideration only through an account maintained with a Banking Unit in the IFSC .

Strategic Implication

• Tightens fund flow traceability.
• Enhances IFSC supervisory perimeter.
• Reduces shadow payment risk.

Governance & Implementation Roadmap for IFSC Compliance Heads

Immediate (0–30 Days)

• Update AML/CFT & KYC Policy
• Amend Risk Categorisation SOP (confidentiality clause)
• Integrate Indian BO EDD trigger
• Update STR handling training

Mid-Term (30–60 Days)

• Deploy IP validation controls for V-CIP
• Align Financial Group KYC periodicity
• Update onboarding scripts for PwDs safeguards
• Integrate KRA workflows

Board-Level Reporting

• Present amendment impact note
• Document BRA (if exempt entity)
• Confirm FIU-IND communication compliance

Strategic Takeaways for IFSC Compliance Leaders

The 2026 IFSCA amendments:

• Strengthen risk-based supervision
• Reduce regulatory arbitrage
• Formalise digital KYC infrastructure
• Tighten governance accountability
• Clarify STR and transaction treatment
• Reinforce FATF alignment

These are not cosmetic updates — they recalibrate operational AML control architecture within IFSCs.

For compliance leaders, this is a policy, systems, and governance exercise — not merely a circular update.

Read about the amendment here.

Read about the product: Transact Comply

Empower your organization with ZIGRAM’s integrated RegTech solutions – Book a Demo