What changed
RBI has expanded existing KYC/AML requirements by mandating a structured, documented risk assessment for money laundering and terror financing across all customer segments, geographies, products, services, and delivery channels. Banks must now have board-approved policies, controls, and procedures to manage and mitigate these risks using a risk-based approach, with enhanced due diligence for medium or high-risk categories.
What it means for you
Banks can no longer rely solely on customer-level risk profiling; they must now assess and document ML/TF risk at the portfolio level, including country and product risks. This will require significant upgrades to risk management frameworks, transaction monitoring systems, and board-level oversight. Non-compliance invites penalties under the Banking Regulation Act, 1949.
What you must do
- Conduct a comprehensive ML/TF risk assessment covering customers, geographies, products, services, and delivery channels.
- Develop and get board approval for policies, controls, and procedures to manage and mitigate identified risks.
- Implement enhanced due diligence measures for all medium and high-risk categories identified in the assessment.
- Use IBA's guidance on risk-based transaction monitoring as a reference for your own risk assessment framework.
- Ensure compliance with Section 35A of the Banking Regulation Act, 1949 and PMLA rules, with documented evidence of risk assessment.
Who it affects
All Scheduled Commercial Banks (excluding RRBs), All India Financial Institutions, Local Area Banks, the Board of Directors and senior management of these entities, and Compliance and AML/KYC teams.
What is the key change from the earlier Master Circular?
Earlier, banks only needed to prepare risk profiles of individual customers. Now, they must also assess and document ML/TF risk at the entity level, including country, product, and delivery channel risks, with board-approved policies.
What happens if we don't comply with this circular?
Non-compliance is a contravention of the Banking Regulation Act, 1949 and PMLA rules, and will attract penalties under the Banking Regulation Act, 1949.
Can we use the IBA guidance as our risk assessment framework?
Yes, RBI explicitly states that banks may use the IBA's Report on Parameters for Risk Based Transaction Monitoring as guidance, but the final risk assessment and policies must be approved by your board.