Businesses dealing with foreign exchange, such as Full-Fledged Money Changers (FFMCs), are prone to white-collar crimes like Money Laundering (ML), Terrorist Financing (TF) or Proliferation Financing of Weapons of Mass Destruction (PF) due to the inherently vulnerable nature of their operations. As India strengthens its commitment to fight financial crimes, FFMCs are critical gatekeepers. FFMCs operating in India are required to adhere to Anti-Money Laundering (AML), Counter Terrorism Financing (CTF) and Counter Proliferation Financing (CPF) obligations.
Here’s a comprehensive guide for FFMCs in India to help them understand their ML/TF risk landscape, regulatory obligations, implementation challenges, and best practices to adopt for effective application of AML/CFT/CPF requirements.
Understanding Full-Fledged Money Changers in India
Full-Fledged Money Changers (FFMCs) are companies having primary operations in the foreign exchange market. They officially carry out business of buying, selling of foreign currencies and provide services to facilitate currency conversions for arriving and departing travellers on tourism, education, business trips, or medical treatments overseas.
Who are Considered FFMCs in India?
In India, non-banking entities primarily dedicated to money-changing activities and licensed by the RBI are considered FFMCs. They are authorised to,
- Buy foreign currency notes, coins and travellers’ cheques from residents and non-residents.
- Sell foreign exchange for approved purposes such as travel abroad for business, education, or medical treatment.
- Issue and reload prepaid forex cards
- Encashing traveller’s cheques.
Role of FFMCs in Foreign Exchange Transactions
As international travel and global trade thrive, the demand for foreign exchange services is higher than ever. FFMCs play a key role in bridging the gap between an individual’s foreign currency needs and India’s financial system.
FFMCs buy foreign currency from inbound travellers and sell it to outbound travellers, ensuring an easy two-way flow of foreign exchange in the retail market.
Due to their authorised nature by virtue of obtaining approvals and licenses from the RBI, these FFMCs facilitate legally approved and hassle-free way for individuals to meet their travel-related foreign exchange requirements overseas.
Check your AML/CTF/CPF Compliance performance with
our AML/CTF/CPF health check services
Full Fledged Money Changers (FFMCs) and Money Laundering: An Interconnected Vulnerability
FFMCs sit at the sensitive junction of legitimate cross-border flows and mostly deal with one-time customers and their transactions are highly cash-intensive. The nature and scope of their services make them inherently vulnerable to Money Laundering or financial crime risks. Wrongdoers often exploit FFMCs as an instrument to clean their dirty money because transactions are mostly quick, paper-light and travel linked.
Cash-Intensive Nature of Foreign Exchange Business
FFMCs, being money changers, mainly deal in physical cash, having high volume that needs to be exchanged into another currency. This makes it difficult to trace the origin of funds and increases vulnerability of layering and counterfeit currency.
Vulnerabilities from Cross-Border Transactions
The business operations of FFMCs sit at the core of foreign exchange market which exposes them to cross-border transactions. This increases the risks of ML/TF activities as verifying authenticity of foreign documents and counterparties is complex.
Cash Conversion Risks in Border Tourist Areas
The FFMC counters near international borders, pilgrim places and tourist-heavy zones are fundamentally at high risk during cash conversion. These risks are primarily due to cross-border smuggling, hawala inflows disguised as tourist exchange, and fake currencies.
Risks of Structuring, Smurfing and Trade-Based Money Laundering (TBML)
The high-transaction volume of FFMCs elevates the risks of sophisticated ML tactics like structuring and smurfing. Launderers evade reporting thresholds by breaking large amounts of tainted money into smaller transactions and depositing them in multiple FFMCs.
Fragmented and Dispersed Operations
A large portion of FFMCs run in small outlets at places like airports, hotels or tourist locations. Owing to their fragmented and dispersed operations, maintaining a standard AML norm in all its outlets is tough. This gives a means to wrongdoers to wash their illicit money.
Threats Stemming from Tourists and Walk-in Customers
Most of the client base of FFMCs are tourists, business travellers or students who are one-time or occasional customers. Due to limited or no ongoing customer relationships it is harder to conduct any due diligence. This increases the risks of financial crimes.
Misuse of Prepaid Forex Instrument
FFMCs sell prepaid travel cards and exchange unused forex. These services can be misused for layering, such as loading a prepaid card with funds, withdrawing the same overseas, and later encashing the same. Moreover, tracking such activities and their end-use is hard due to one-time profiling.
Difficulties in Identifying Beneficial Ownership
Business relationships in the FFMC context are fleeting, making it difficult to identify the Ultimate Beneficial Owners (UBOs) in complex corporate structures. Wrongdoers can take advantage of this vulnerability to conceal the true ownership of criminal funds.
Dependence on Third Parties
There is a general practice for FFMCs to rely on third parties such as intermediaries or franchisees for their business activities. Weak oversight on these third parties can increase the risks of anonymous transactions and structuring activities routed through them.
Protect Your Money Changing Business from Hidden Risks
Stay One Step Ahead of Financial Crime Threats with AML India
Why are FFMCs Vulnerable to Money Laundering Risks?
Due to its ML/TF vulnerabilities, there are various sophisticated methods through which miscreants exploit FFMCs to legitimize their criminal proceeds. With FFMCs as a channel, illegal money can be moved through various methods of placement, layering and integration.
- Placement through FFMC: In this stage, proceeds of crime are brought by criminals to FFMC with an aim to introduce it into the legitimate financial system. Miscreants bring foreign cash to an FFMC which exchanges it into local currency or traveller’s cheques. As the cash is converted via a legitimate licensed FFMC business, it appears to enter the formal system like a normal foreign exchange transaction.
- Layering through FFMC: In this stage, wrongdoers try to obscure the origin of funds through multiple movements and transactions. Criminals undertake recurrent small transactions by the same ID across FFMC outlets, multiple prepaid cards are reloaded by the same person or currency is swapped into multiple denominations to make the original source untraceable.
- Integration through FFMC: In this stage, criminals use FFMCs as a vehicle to return the illegitimate funds as apparently legitimate money into the financial system. These include undertaking rapid movements of funds into local businesses and encashment of foreign notes without original receipts with the aim of cleaning the proceeds of crimes.
Red Flags Indicating ML/FT and PF Risks to FFMCs
Any unusual transactions deviating from the regular course of business must be identified by the FFMCs, as there might be an underlying pattern of disguising the original source of criminal funds. FFMCs should be watchdogs and must stay vigilant to identify the following red flags.
| Risk Category of Red-Flags | Red Flags for FFMCs |
| Customer Risk | Unusual or suspicious behaviour |
| Reluctance to provide key identification documents | |
| Use of multiple IDs or fictitious names | |
| Use of tempered or forged documents | |
| Documentation Risk | Details contained within customer identification documents are inconsistent with the information provided |
| Unclear Beneficial Ownership details | |
| Unwillingness from customers to provide information related to sources of funds | |
| Transaction Risk | Frequent low value transactions just below the reporting thresholds |
| Unusual high value forex purchase with vague purposes | |
| Acquiring currency disproportionate with the customer’s sources of funds | |
| Multiple forex exchanges by the same individual or group of individuals without rationale | |
| Geographical Risk | Customers from high-risk such as FATF grey/blacklist countries or UNSCRs |
| Customers from high-risk areas involved in frequent forex transactions inconsistent with their travel itinerary. |
AML/CFT Compliance Obligations on FFMCs in India
FFMCs are operated under a highly restricted framework by the Indian regulatory framework, as they are considered an easy target for entities and persons involved in illegal money flow and terrorist funding. Robust AML/CFT obligations are imposed.
The Prevention of Money Laundering Act (PMLA), 2002, is the primary legislation for the Anti-Money Laundering Laws in India. The act recognises FFMCs as “Reporting Entities” and mandates them to perform various AML/CFT obligations in order to combat the risks of ML/TF.
These obligations comprise conducting thorough Client Due Diligence (CDD), Ongoing Monitoring, Maintenance of Records and Reporting Suspicious Transactions with the Financial Intelligence Unit-India.
PMLA Rules in accordance with the PMLA Act lays down the procedure to comply with AML/CFT obligations of PMLA Act.
Foreign Exchange Management Act (FEMA), 1999, recognises FFMCs as “Authorised Persons” and issues directions and circulars set out for them. As per that, Authorised Persons such as FFMCs are compulsorily required to be licensed under the Reserve Bank of India (RBI) to be able to operate.
The Reserve Bank of India has issued detailed guidelines for FFMCs to take appropriate KYC/AML/CFT measures. Certain mandatory requirements for FFMCs are;
- KYC Policy
- Customer Acceptance Policy
- Transaction Monitoring
- Appointment of a Principal Officer
- Record Maintenance
- Regulatory Reporting to FIU-IND.
Step-by-Step Guide for FFMCs to Comply with AML/CFT Requirements
Compliance with AML/CFT obligations for FFMCs is non-negotiable. FFMCs should appoint a Principal Officer, conduct risk management exercises, frame an AML/CFT Policy, apply CDD measures, transaction monitoring, detect suspicious transactions, report it to FIU-IND, maintain records, conduct internal audits and carry out staff training for efficient adherence of the India’s AML/CFT legislations.
Framing KYC Policy
Implementing a sector-specific KYC policy is essential for FFMCs to ensure robust AML/CFT compliance. The policy incorporates elements such as Customer Acceptance, Identification, Transaction Monitoring, and Risk Management procedures.
Before starting a business relationship, it mandates ID verification for all customers, including beneficial owners, using valid documents like government IDs, address proofs, passports and visas. It also articulates rules for screening against Sanction Lists, PEPs, and Adverse Media at onboarding, eliminating the possibilities of penetration by any dubious client.
Performing Customer Risk Assessment
Doing a thorough risk assessment of the clients before starting the business relationship is an imperative risk mitigation measure for FFMCs. It facilitates them in understanding the ML/TF threats arising out of a particular customer based on the details provided, such as the country of residence, purpose of transaction, frequency, and size of forex transactions.
The Customer Risk Assessment should be based on the FFMC’s risk-taking ability. Once the customer risk is assessed, classifying clients into risk categories such as low, medium, and high serves to help them take the risk-based approach.
Applying Customer Due Diligence (CDD)
Applying Customer Due Diligence (CDD) on clients as per their risk categorisation is an important compliance function for FFMCs. This includes taking risk-based approach while implementing CDD measures. It is prudent that FFMCs apply Enhanced Due Diligence (EDD) on customers carrying large cash, having frequent forex transactions, high-net worth individuals, PEPs or clients belonging to FATF high-risk jurisdictions. Additionally, collecting additional supporting documents for high-risk clients whose Source of Funds is not clear is essential for FFMCs.
Conducting Ongoing Monitoring of Transactions
The filing of relevant Regulatory Reports within prescribed timeframe ensures regulatory compliance. If there are concrete grounds to suspect proceeds of crime, submitting a Suspicious Transaction Report (STR) to FIU-IND within 7-days after concluding the suspicion is mandatory requirement. Additionally, other Regulatory Reports such as Cash Transaction Report (CTR) for each month is required to be submitted to FIU-IND. The Principal Officer is delegated the authority to file such Regulatory Reports.
| Regulatory Reports | When to File? | Timeframe for Filing? | Where to File? |
| Suspicious Transaction Report (STR) | Reasonable grounds to suspect proceeds of crime | Within 7 days, once the suspicion is established | FIU-IND’s FINGate 2.0 Portal |
| Cash Transaction Report (CTR) | All cash transactions above 10,00,000 INR or small transactions whose aggregate value exceeds 10,00, 000 INR or its foreign currency equivalent in a single calendar month | Each month, by 15th of the succeeding month | FIU-IND’s FINGate 2.0 Portal |
Maintaining Records
As per the instructions of PMLA and RBI, preserving records of client identification, beneficial owner details, transactions history, business correspondence, regulatory reports for a period of at least 5 years ensures FFMCs obeys the fundamental compliance obligations. These also includes records mentioned under PMLA Rules relating to large cash transactions that are required to be maintained for 10 years. FFMCs should make sure these records are easily retrievable and accessible at the time of regulatory inspection.
| Record Retention Period | Which Records should be Maintained? |
| 5 Years | – Customer identification records of all residents and non-resident clients (KYC Documents) – Records of transactions related to money-changing activities – Records of Client Due Diligence and Enhanced Due Diligence – Records of all STR/CTR submitted and other regulatory actions taken |
| 10 Years | – Records of all cash transactions over 10 lakh INR or its foreign currency equivalent – Records for series of small cash transactions whose aggregate value exceed 10 lakh INR in single calendar month – Records of transactions involving NPOs exceeding 10 lakh INR or its foreign currency equivalent – Records for cash transactions where counterfeit notes have been used |
Conducting Internal Audits
Conducting concurrent internal audits helps FFMCs to verify adherence of AML Compliance across all their outlets, ensuring uniformity. These internal audits assess the efficacy of overall AML/CFT framework including policies, procedures, methodologies, maintenance of records and training sessions applied for combating the threats of anticipated ML/TF activities.
Conducting AML/CFT Training
It is important to conduct periodic and consistent employee training programs for staff members to ensure they remain informed of the policies, procedures and overall workflow related to AML/CFT Compliance. This training module also covers red flags to recognise ML/TF activities, which ensures timely escalation from front-line staff. Additionally, FFMCs should ensure that the training provided to employees is role-based and risk-based for better effectiveness.
From Rules to Results!
Master to Incorporate AML/CFT Requirements into Daily Operations with AML India
Challenges Faced by FFMCs While Implementing AML/CFT Obligations
Despite clearly articulated regulatory requirements, FFMCs in India often find themselves at the crossroads of efficiently implementing them. There are lot of challenges FFMCs come across to comply with AML/CFT obligations of India such as scarce resources, lack of skill-force, complexities in transaction monitoring, difficulties in verification of foreign customers, over reliance on manual process, constantly changing regulatory norms and the burden to keep pace with it.
Resource Deficiencies and Skill Gaps
A large portion of FFMCs are smaller ones and have very scarce resources and funding to effectively implement AML/CFT obligations as mandated by PMLA. The staff at counter are not adequately trained enough due to lack of resources. This makes it difficult for them to identify red flags and report suspicious activities or transactions, resulting in compliance failures.
Verification of Foreign Nationals and Non-Resident Customers
FFMCs often face difficulties to accurately verify the identities of their customers, especially foreign nationals and non-resident customers. Due to a transient client base, problems arise in validating foreign IDs, visas and travel documents in real time. This increases risk of forged passports or stolen identities slipping through KYC, making it harder for FFMCs to comply with regulatory requirements.
Transaction Monitoring Complexities
Unlike other financial intermediaries, FFMCs usually don’t have deep transaction histories of their customers due to brief business relationships. With mostly one-time users, building risk profiles and tracking transactions patterns is inherently harder and complicated. This makes it easier for wrongdoers to bypass the security checks at FFMC counters and inject illicit foreign currency into the system, exposing the compliance gaps of the services.
Reliance on Manual and Outdated Process
Smaller FFMCs are still dependent on manual process for AML/CFT compliance. Lack of technology integration obstructs FFMCs to efficiently collect, analyse and monitor large amounts of data that are crucial for real-time threat detection. This weakens the fundamental AML/CFT obligations such as KYC, Screening, Monitoring, Reporting and Record-Keeping.
Burden of Regulatory Reporting
Regulatory landscape is constantly evolving as the new ML/TF typologies arise, and FFMCs often lag behind to keep pace with the evolution. The obligations to file CTRs, STRs and maintain records for FIU-IND are burdensome for the FFMCs, especially smaller ones. Lack of enough compliance resources makes the timely and accurate reporting difficult.
Don’t Let Trials Obstruct Your Compliance Pathway
Tackle the Toughest Hurdles Along with AML India
Best Practices for FFMCs for Ensuring Robust AML/CFT Compliance
FFMCs should adopt certain best practices to efficiently sail through the complex regulatory landscape. These best practices consist of aligning AML/CFT program with PMLA/RBI Guidelines, building risk-based profiling, monitoring transactions, leveraging advanced technology, ensuring oversight, mandating periodic reviews and incorporating extensive training for staff to understand specific ML/TF typologies related to money-changing sector.
Alignment with the PMLA Rules and RBI Guidelines
FFMCs must align their AML/CFT program with the PMLA Rules, RBI Guidelines, FEMA and FATF Recommendations. From the core rationale of the program to the internal compliance functions such as KYC, CDD, EDD, Screening, Monitoring, Reporting and Training should reflect the adherence to the regulatory obligations of India’s AML/CFT legislations and commitment towards combating the crimes of ML/TF.
Building Risk-Based Customer Profiling
While onboarding customers, FFMCs must build risk-based profiles for each of them instead of one-size-fits-all profile. Undertake a specific risk assessment covering nature, purpose of their transactions, their jurisdiction and other relevant details pertaining to the identity of the customer. Maintain a risk rating of customers and customer segments that reflects cash intensity and apply EDD there.
Adopting Transaction Monitoring Beyond RBI Thresholds
FFMCs must adopt transaction monitoring beyond RBI thresholds to identify sophisticated tactics for ML/TF activities. RBI mandates reporting for transactions above certain limits, but wrongdoers try to structure transactions below those limits. Therefore, FFMCs must create internal early warning triggers for frequent small forex purchases for no reason or encashment inconsistent with travel. Define thresholds for transactions that trigger alerts or reviews.
Leveraging RegTech Solutions into Compliance Functions
FFMCs must leverage and utilise advanced RegTech solutions in their day-to-day AML/CFT compliance functions for improved efficiency. Apply digital KYC for efficient and hassle-free onboarding.
Integrate automated and semi-automated software equipped with AI and Machine Learning technologies to flag unusual or suspicious cash transaction patterns. Implement an API-driven reporting system for filing direct regulatory reports to FIU-IND with minimal manual intervention. This ensures timely detection and swift reporting to regulatory authorities.
Ensuring Oversight Across Outlets
As many of the FFMCs operate through third-party intermediaries such as franchisees or agents, they must centralise AML/CFT compliance functions across all their outlets and ensure robust oversight. There should be timely inspection across all its outlets to oversee adherence to KYC/AML guidelines, policies and procedures. FFMCs must set standards for properly documenting transactions and maintaining records in all their branches, which is crucial for internal audits and regulatory inspections.
Mandating Periodic Reviews of AML/CFT Policy
The foreign exchange market is continuously evolving with frequent new updates in its typologies and regulatory environment. FFMCs must mandate a periodic review of the AML/CFT Policy to enhance their compliance program. Periodic reviews give room to understand and identify the gaps in their current AML/CFT program and incorporate new changes. This ensures that FFMCs prioritise resource allocation in areas that are more vulnerable.
Incorporating Extensive Training for Staff to Understand FFMC-specific ML/TF Typologies
Financial Crime tactics used in foreign exchange markets are comparatively different from the usual methods. To understand this sector-specific ML/TF risk indicators, FFMCs must include extensive staff training program in their compliance functions.
New threats and trends must be covered in the modules to keep staff informed and up to date. For effective competence, role-based training should be provided to the front-line staff, compliance officer and senior management on the identity verification and escalation protocols.
Report, Record, Review-Without Rush!
Adopt Our Tailored Solutions to Efficiently Navigate Regulatory Landscape
Turn FFMCs ML/TF Vulnerabilities into Resilience by Employing Robust AML/CFT Controls
Money-changing businesses demand a vigilant approach to AML/CFT compliance due to their vulnerable and high-risk nature of operations, which can facilitate illicit activities. Therefore, FFMCs cannot miss the mark when implementing strict AML/CFT measures in accordance with India’s regulatory framework. By applying dedicated controls such as robust KYC, transaction monitoring, effective record-keeping, and timely regulatory reporting, FFMCs can turn their exposures into resilience. A well-structured AML/CFT measures not only safeguard FFMCs but also protect the integrity of India’s financial ecosystem.
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.
