Short Note on International Financial Services Centres Authority (KYC Registration Agency) Regulations, 2025

The International Financial Services Centres Authority (KYC Registration Agency) Regulations, 2025, notified on April 11, 2025, by the IFSCA under the IFSCA Act, 2019, establish a framework for KYC Registration Agencies (KRAs) in the International Financial Services Centre (IFSC). These regulations aim to streamline KYC processes, ensure compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) standards, and enhance investor protection in the IFSC.

Bare Act : https://lawyerslibrary.in/books/jhag/

Key Provisions

  1. Objective and Scope:
    • Governs the registration, operations, and obligations of KRAs responsible for storing, validating, and sharing KYC records of clients engaging with regulated entities in the IFSC.
    • Effective from the date of publication in the Official Gazette.
  2. Registration Requirements:
    • Entities must apply for a certificate of registration, be incorporated as a company in the IFSC (or a branch/subsidiary of SEBI-regulated entities), and maintain a minimum net worth of USD 1 million.
    • Must meet fit and proper criteria for the entity, its principal officer, compliance officer, and key personnel.
    • Eligible applicants include subsidiaries of stock exchanges, depositories, or SEBI-regulated KRAs.
  3. Key Obligations of KRAs:
    • Store, safeguard, and retrieve KYC documents as per IFSCA AML/CTF Guidelines, 2022, and the Prevention of Money Laundering Act, 2002.
    • Ensure interoperability with other KRAs, secure data transmission, and independent validation of KYC records.
    • Maintain audit trails, comply with data protection laws (e.g., Digital Personal Data Protection Act, 2023), and notify clients upon receipt of KYC documents.
    • Implement robust cybersecurity, risk management, and business continuity plans.
  4. Obligations of Regulated Entities:
    • Conduct initial KYC/due diligence, upload KYC data to KRA systems within 3 working days, and retain physical documents.
    • Verify and update client KYC details via KRA systems and ensure data is used only for intended purposes.
  5. Inspection and Enforcement:
    • IFSCA may appoint inspecting authorities or third parties to audit KRA operations, ensuring compliance with regulations.
    • Non-compliance may lead to suspension, cancellation of registration, or other enforcement actions after a hearing.
  6. Miscellaneous:
    • KRAs must adhere to a Code of Conduct (Schedule-I), maintain records for 8 years, and report changes in key personnel or control to IFSCA.
    • IFSCA retains powers to call for information, relax enforcement, and issue clarifications to facilitate compliance.

Significance

The regulations promote a secure, efficient, and standardized KYC framework in the IFSC, fostering trust in financial services, ensuring regulatory compliance, and aligning with global AML/CTF standards. They support the IFSC’s growth as a financial hub by enhancing operational transparency and client data protection.

Multiple Choice Questions (MCQs)

  1. When did the IFSCA (KYC Registration Agency) Regulations, 2025, come into force?
    a) April 11, 2025
    b) Upon publication in the Official Gazette
    c) January 1, 2025
    d) March 31, 2025
    Answer: b) Upon publication in the Official Gazette
  2. What is the minimum net worth requirement for an entity seeking registration as a KRA in the IFSC?
    a) USD 500,000
    b) USD 1 Million
    c) USD 2 Million
    d) No specific requirement
    Answer: b) USD 1 Million
  3. Which of the following entities is eligible to apply for KRA registration?
    a) A wholly owned subsidiary of a stock exchange regulated in India
    b) An unregistered financial institution
    c) A sole proprietorship in the IFSC
    d) A non-profit organization
    Answer: a) A wholly owned subsidiary of a stock exchange regulated in India
  4. What is the minimum experience required for a Principal Officer of a KRA?
    a) 5 years in the financial services market
    b) 10 years in the financial services market
    c) 15 years in the financial services market
    d) No experience required
    Answer: b) 10 years in the financial services market
  5. How long must a KRA retain KYC documents in electronic form?
    a) 5 years
    b) 8 years
    c) As per the Prevention of Money Laundering Act, 2002
    d) 10 years
    Answer: c) As per the Prevention of Money Laundering Act, 2002
  6. What is a key function of a Regulated Entity under these regulations?
    a) Conducting annual audits of the KRA
    b) Uploading KYC information to the KRA system within 3 working days
    c) Appointing the KRA’s Compliance Officer
    d) Developing the KRA’s cybersecurity framework
    Answer: b) Uploading KYC information to the KRA system within 3 working days
  7. What action can the IFSCA take in case of a KRA’s non-compliance?
    a) Impose a fine without notice
    b) Suspend or cancel registration after providing an opportunity to make submissions
    c) Automatically renew the KRA’s registration
    d) Exempt the KRA from regulations
    Answer: b) Suspend or cancel registration after providing an opportunity to make submissions
  8. Which law governs the data protection obligations of a KRA?
    a) Companies Act, 2013
    b) Digital Personal Data Protection Act, 2023
    c) Securities and Exchange Board of India Act, 1992
    d) Prevention of Money Laundering Act, 2002
    Answer: b) Digital Personal Data Protection Act, 2023
  9. What is the purpose of interoperability among KRAs?
    a) To increase KRA registration fees
    b) To determine if a client’s KYC documents are held by another KRA
    c) To allow KRAs to share client profits
    d) To reduce the net worth requirement
    Answer: b) To determine if a client’s KYC documents are held by another KRA
  10. Who can the IFSCA appoint to inspect a KRA’s books and records?
    a) Only IFSCA employees
    b) An Inspecting Authority or a third-party professional
    c) Any client of the KRA
    d) Only SEBI officials
    Answer: b) An Inspecting Authority or a third-party professional

Frequently Asked Questions (FAQs)

  1. What is the purpose of the IFSCA (KYC Registration Agency) Regulations, 2025?
    The regulations establish a framework for KYC Registration Agencies (KRAs) in the IFSC to standardize KYC processes, ensure compliance with AML/CTF guidelines, safeguard client data, and promote transparency and investor protection in financial services.
  2. Who can apply to become a KRA in the IFSC?
    Eligible applicants include:
    • Wholly owned subsidiaries of stock exchanges or depositories regulated in India, the IFSC, or a foreign jurisdiction.
    • Wholly owned subsidiaries or branches of SEBI-regulated entities undertaking similar KRA activities, provided there is no conflict of interest.
  3. What are the net worth requirements for a KRA?
    A KRA must maintain a minimum net worth of USD 1 million at all times. For a branch of a SEBI-regulated entity, this amount must be earmarked and ring-fenced.
  4. What qualifications are required for a KRA’s Principal Officer and Compliance Officer?
    • Both must have a professional qualification or postgraduate degree in fields like finance, law, or business management, or a bachelor’s degree with 15 years of financial services experience.
    • A Principal Officer needs at least 10 years of experience, and a Compliance Officer needs at least 5 years.
  5. What are the key responsibilities of a KRA?
    KRAs are responsible for:
    • Storing, validating, and retrieving KYC documents.
    • Ensuring interoperability with other KRAs.
    • Maintaining secure data transmission and compliance with data protection laws.
    • Conducting audits and implementing cybersecurity and risk management frameworks.
  6. What obligations do Regulated Entities have under these regulations?
    Regulated Entities must:
    • Perform initial KYC/due diligence and upload KYC data to the KRA system within 3 working days.
    • Retain physical KYC documents.
    • Verify and update client KYC details via the KRA system and ensure data is used only for intended purposes.
  7. How does the IFSCA ensure compliance by KRAs?
    The IFSCA may appoint an Inspecting Authority or third-party professionals to audit KRA operations, including books, records, and systems. Non-compliance can lead to enforcement actions like suspension or cancellation of registration after a hearing.
  8. What is the role of the Code of Conduct for KRAs?
    The Code of Conduct (Schedule-I) outlines ethical standards for KRAs, requiring them to protect client interests, maintain integrity, ensure confidentiality, avoid conflicts of interest, and comply with all applicable laws and regulations.
  9. Can a KRA share KYC data with other entities?
    A KRA may share KYC data with entities regulated by other financial sector regulators or a central KYC registry authorized by the Central Government, but only for KYC purposes and with client consent.
  10. What happens if a KRA wishes to surrender its registration?
    A KRA can apply to surrender its registration, but the surrender is effective only upon acceptance by the IFSCA. The KRA must comply with all obligations until the surrender is accepted.
, , , , , , , , , , , , , ,