What changed
RBI updated its earlier KYC/AML guidelines (from November 2009) by incorporating FATF's October 2010 statement. The circular now explicitly identifies Iran as a jurisdiction requiring countermeasures and DPRK as a jurisdiction with unaddressed AML/CFT deficiencies.
What it means for you
Banks and authorised persons must exercise enhanced due diligence for any transactions or relationships involving Iran or North Korea. The circular reinforces that non-compliance with these AML/CFT guidelines can attract penal provisions under FEMA and PMLA.
What you must do
- Update your AML/CFT risk assessment frameworks to include the specific risks from Iran and DPRK.
- Apply enhanced due diligence for all business relationships and transactions with persons or entities from these jurisdictions.
- Ensure your Principal Officer acknowledges receipt of this circular to the RBI.
- Communicate these requirements to all relevant constituents and branches.
Who it affects
All authorised persons (banks, forex dealers, money changers), Compliance and AML teams, Principal Officers of authorised entities
What are the two groups of jurisdictions mentioned in this circular?
The first group is Iran, where FATF calls for countermeasures to protect the financial system. The second group is Democratic People's Republic of Korea (DPRK), which has strategic AML/CFT deficiencies and no committed action plan as of October 2010.
What legal backing does this circular have?
It is issued under Section 10(4) and Section 11(1) of FEMA, 1999, and under PMLA, 2002 (as amended). Non-compliance can attract penal provisions under these acts and related rules.
Do I need to report anything to RBI after reading this?
Yes, your Principal Officer must acknowledge receipt of this circular to the RBI as specified in paragraph 5.