Refining The AML/KYC Framework For Ifscs: An Analysis Of IFSCA's January 2026 Circular

Introduction

The International Financial Services Centres Authority (IFSCA) to continue its steady recalibration of India's offshore financial regulatory framework with the issuance of a circular dated 2^nd January 2026¹ introducing modifications and clarifications to the IFSCA (Anti-Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022. These guidelines having an immediate effect, reflect the regulator's dual objective of tightening risk controls where vulnerabilities persist while easing operational friction for regulated entities through clarity and proportionality. This article analyses the key amendments their regulatory intent, and the practical implications for entities operating in International Financial Services Centres (IFSCs).

Confidentiality of Risk Categorization to Prevent “Tipping Off”

A significant compliance-oriented insertion in Clause 4.1(d) which mandates that customer risk categorization and the reasons for the categorization must remain confidential and are not to be disclosed to the customer. This is for clear rationale that this disclosure could alert the customers to enhanced security, thereby enabling the circumvention of AML controls. This provision brings IFSC regime in line with international AML standards on anti-tipping-off, reinforcing the regulator's emphasis on effective enforcement.

Extended Applicability and Clarified Examples

The substituted Clause 1.2.1 confirms that the Guidelines apply to all regulated entities licensed, recognised, registered or authorised by IFSCA, subject to specific exemptions. At the same time, IFSCA has expressly retained its discretion to exempt certain entities or activities.

Notably, the circular codifies exemptions for entities such as:

• Global-in-House Centres,
• International Branch Campuses and Offshore Educational Centres,
• Financial Crime Compliance Service Providers, and
• Financial institutions providing services exclusively within their financial group, subject to FATF risk considerations.

However, these exemptions are not absolute. Exempt entities are now required to conduct and document a Business Risk Assessment, and where AML/CTF risks are identified, compliance with the Prevention of Money Laundering Act, 2002 and the Guidelines becomes mandatory.

Enhanced Due Diligence for Indian Beneficial Owners

The circular introduces a new requirement under Clause 5.6 of the 2022 guidelines to address concerns of round tripping and capital recycling. The beneficial owner of an entity is an Indian national, regulated entities must endeavour to ascertain the source of funds and apply enhanced due diligence, regardless of the customer's assigned risk category. This proves to be a departure from the strict reliance on formal risk classifications and the regulator's recognition of structural risks unique to Indian outbound and inbound financial flows.

Safeguards for Persons with Disabilities in KYC Processes

The insertion of a proviso to Clause 5.10 presents an important safeguard, whereby no KYC application or periodic updation involving Persons with Disabilities (PwDs) may be rejected without application of mind, and reasons for rejection must be recorded. Regulated entities must ensure that automated or standardised KYC processes do not result in mechanical exclusions, particularly where vulnerable individuals are concerned, indicating the true meaning of the term financial inclusion.

Rationalised Periodic KYC Updation for Resident Indians

This circular brings clarity on periodic KYC updation for resident Indian customers who already maintain relationships within an Indian financial group. The revised timelines ranging from two years for high-risk customers to eight years for medium risk customers and to ten years for low-risk customers, introduce predictability and reduce unnecessary duplication. Importantly, where risk categorisation differs between a group entity and the IFSC regulated entity, the stricter standard prevails, ensuring regulatory consistency without compromising prudence.

Filing STRs Without Freezing Accounts

Another operationally critical clarification appears in the newly inserted Guidance Note 2A to Clause 10.3, which states that regulated entities shall not restrict transactions merely because a Suspicious Transaction Report (STR) has been filed. Freezing or restricting accounts solely on this basis could expose institutions to customer disputes and regulatory overreach. The clarification provides much needed comfort to compliance officers navigating the tension between vigilance and proportionality.

Aadhaar, e-Documents, and Digital KYC Enablement

Several amendments facilitate digital onboarding and verification, including:

• Explicit recognition of equivalent e-documents as valid,
• Clarification that biometric-based e-KYC, including Aadhaar Face Authentication, may be conducted by regulated entities and business facilitators, and
• Alignment with the Aadhaar Act, 2016 and associated regulations.

These changes reflect IFSCA's broader objective of making IFSCs globally competitive, technology-friendly financial hubs without diluting regulatory safeguards.

NRI Onboarding Through V-CIP: Geographic and Operational Clarity

The circular revises and standardises the list of jurisdictions from which low-risk Non-Resident Indian (NRI) customers may be onboarded through Video based Customer Identification Processes (V-CIP). It also introduces operational clarity by permitting account opening in debit-freeze or inactive mode where address verification is pending. By limiting V-CIP onboarding to specified jurisdictions such as the United States, United Kingdom (excluding British Overseas Territories), Canada, UAE, Singapore, Australia, Japan, South Korea, and the European Union (excluding Croatia), the amendment reduces interpretational ambiguity while ensuring that remote onboarding is confined to countries with robust AML/CTF frameworks and acceptable risk profiles.

The circular also addresses practical verification challenges by permitting regulated entities to open NRI accounts in debit freeze or inactive mode where current address verification cannot be immediately completed. Instead of rejecting onboarding outright, the amendment allows accounts to be created with transactional restrictions until verification is finalised, provided customers are informed of the activation process.

Conclusion

Rather than introducing sweeping overhauls, the January 2026 circular fine tunes the AML/KYC framework to address practical gaps observed during implementation. The emphasis on confidentiality of risk categorisation, enhanced scrutiny of beneficial ownership, and proportional treatment of STR filings reflects a regulator increasingly focused on outcomes rather than form. Regulated entities that embed these principles into their compliance architecture will be better positioned to navigate supervisory scrutiny and sustain long-term operational stability within IFSCs.

Footnote

1. F. No. IFSCA-DAC/7/2024-AMLCFT

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.