IFSCA Notifies KYC Registration Agency Regulations, 2025: Know Complete Details [Read Notification]

The International Financial Services Centres Authority ( IFSCA ) has notified the IFSCA (KYC Registration Agency) Regulations, 2025. It is established to govern the registration, functioning, and compliance requirements of entities operating as Key Registration Agencies (KRAs) within International Financial Services Centres ( IFSCs ) in India.

These regulations were promulgated under the authority granted by the IFSCA Act, 2019, and came into effect from the date of their publication in the official Gazette of India on April 16, 2025.

The regulations begin by defining key terms and setting out the scope of their application. Important definitions include "Authority" or "IFSCA," referring to the regulatory body established under the IFSCA Act; "Customer," meaning any person engaged in financial transactions with a registered entity; and "Control," which involves the ability to govern the management or policies of an entity either directly or indirectly through ownership or agreements. The regulations also clarify the meaning of related terms such as "Group Entity," "Designated Jurisdiction," and "Principal Officer," ensuring clarity in application and enforcement.

KRA REGISTRATION

Application

To be eligible for registration as a KRA, an entity must apply electronically or otherwise in the prescribed form and pay the requisite fees. The applicant must be established as a company within the IFSC and maintain a minimum net worth of one million US dollars at all times. The entities registered with the Securities and Exchange Board of India (SEBI) and conducting similar activities may establish wholly owned subsidiaries or branches within the IFSC to act as KRAs, subject to compliance with these regulations.

Fit and proper requirements

According to the regulations emphasize the importance of fitness and propriety of the entity and its key personnel. The applicant, its principal officer, compliance officer, directors, key managerial personnel, and controlling shareholders must be "fit and proper persons." This includes having a clean financial and criminal record, no history of regulatory violations, and possessing integrity, competence, and financial soundness. Specific disqualifications include convictions for economic offenses, ongoing investigations for financial crimes, regulatory prohibitions, insolvency, and other factors detrimental to the integrity of the financial services sector.

Appointment of Principal Officer, Compliance Officer and other human resources

KRAs are required to appoint a principal officer and a separate compliance officer, both of whom must meet prescribed educational qualifications and have relevant experience in financial services. The principal officer should have at least ten years of experience, while the compliance officer should have a minimum of five years. Both officers must report any non-compliance independently and promptly to the Authority.

The Authority considers several factors when granting registration, including the applicant’s organizational structure, infrastructure, financial soundness, absence of conflicts of interest with other commercial activities, and the overall ability to conduct operations effectively within the IFSC. The Authority may refuse registration if the applicant fails to meet these criteria or does not rectify deficiencies within a stipulated period. Registration may also be revoked or suspended following due process.

Law Simplified with Tables, Charts & Illustrations – Easy to Understand - Click here

Registered KRAs must comply with a given code of conduct outlined in the regulations’ Schedule I, which includes maintaining confidentiality, ensuring accuracy and integrity of information, and following ethical standards. They are also mandated to maintain electronic records of accounts, books, and documents for a minimum of five years, including balance sheets, profit and loss statements, audit reports, and records related to anti-money laundering and counter-terrorism financing compliance.

The regulations further require KRAs to ensure that their operations, including those of their principal and compliance officers, are conducted with due diligence and transparency. They must have adequate office space, communication facilities, and private infrastructure suitable for their business activities. The Authority retains the power to audit, inspect, and enforce compliance to ensure the orderly development and regulation of the financial services market within the IFSC.

FUNCTIONS AND OBLIGATIONS OF KRA

A KRA shall perform its functions and discharge its obligations as under

1. A KRA shall have electronic connectivity with other KRA(s) in the IFSC in order to establish inter- operability among KRAs.
2. A KRA may also have electronic connectivity with the KRA(s) registered with other financial sector regulators to establish interoperability with KRAs of other jurisdictions.
   Explanation: Interoperability means the ability of the KRA to determine whether the KYC documents of the Client are in the custody of another KRA.
3. A KRA shall have a secure data transmission link with other KRA(s) and with each Regulated Entity that uploads the KYC documents on its system and relies upon its data.
4. A KRA shall be responsible for storing, safeguarding and retrieving the KYC documents and submit to the Authority or any other statutory authority as and when required.
5. A KRA shall carry out an independent validation of the KYC records uploaded onto its system by the Regulated Entity in such a manner as specified by the Authority from time to time.
6. Any information updated about a Client shall be disseminated by KRA to all intermediaries that avail of the services of the KRA in respect of that Client.
7. A KRA may prepare the operating instructions in coordination with other KRA(s) and issue the same to implement the requirements of these regulations.
8. KRA(s) shall ensure that the integrity of the automatic data processing systems for electronic records is maintained at all times.
9. A KRA shall take all precautions necessary to ensure that the KYC documents/records are not lost, destroyed or tampered with and that sufficient backup of electronic records is available at all times at a different place.
10. A KRA shall have adequate mechanisms for the purposes of reviewing, monitoring and evaluating its controls, systems, procedures and safeguards.
11. A KRA shall cause an audit of its controls, systems, procedures and safeguards to be carried out periodically and take corrective actions for deficiencies, if any and report to Authority.
12. A KRA shall take all reasonable measures to prevent unauthorised access to its database and ensure audit of its systems, controls, procedures and safeguards at regular intervals as specified by the Authority from time to time.
13. A KRA shall ensure compliance with the provisions of the Digital Personal Data Protection Act, 2023, and any other applicable laws governing data protection.
14. A KRA shall have relevant checks built into its system to ensure that a Regulated Entity has access to the documents/records or information of its Clients only and with the consent of the Client.
15. A KRA shall intimate to each Client after receipt of the KYC documents from the Regulated Entity, confirming the Client's details thereof.
16. A KRA shall maintain an audit trail of any upload/ modification /download regarding the KYC records of each Client.

To Read the full text of the Notification CLICK HERE

Support our journalism by subscribing to Taxscan premium. Follow us on Telegram for quick updates