Every month, founders and compliance leads of regulated institutions in India run into the same question. A bank relationship manager asks for a “FIU registration certificate.” A payment gateway flags their application as incomplete. A CA mentions something about PMLA obligations during a routine review. More often than not, the response is confusion, followed by a scramble.
FIU-IND registration is one of those regulatory requirements that catches businesses off guard, not because it is new, but because its applicability extends far beyond banks and financial institutions. For instance, entities operating in regulated sectors such as financial services, payment systems, virtual digital assets (VDAs), precious metals and stones or certain notified professional and intermediary activities may fall within the scope of FIU-IND reporting obligations. And the consequences of ignoring it are real.
This guide covers who needs FIU-IND registration, how the process works, common mistakes to avoid and why banks keep asking for it.
What is FIU-IND registration?
The Financial Intelligence Unit of India (FIU-IND) is the central national agency responsible for receiving, processing and analyzing financial transaction data related to suspected money laundering and terrorist financing. Specifically, it operates under the Ministry of Finance and was established in 2004.
Under the Prevention of Money Laundering Act, 2002 (PMLA), certain categories of businesses are classified as “reporting entities.” As a result, these entities must register with FIU-IND, appoint a Principal Officer, implement customer due diligence procedures, maintain transaction records for five years and file prescribed reports with the FIU through its FINGate 2.0 portal.
Therefore, registration may become mandatory where an entity falls within the definition of a reporting entity under the PMLA framework. Section 12 of the PMLA requires every reporting entity to maintain records and furnish information to FIU-IND. Failure to comply triggers penalties under Section 13, ranging from INR 10,000 to INR 100,000 per violation. In serious cases involving systemic failures or repeated non-compliance, FIU-IND has imposed substantial monetary penalties. FIU-IND imposed INR 5.49 crore (Rs. 54.9 million) on Paytm Payments Bank and INR 9.27 crore (Rs. 92.7 million) on Bybit Fintech Limited for PMLA violations.
Who needs FIU-IND registration?
The PMLA defines a reporting entity as a banking company, financial institution, intermediary or a person carrying on a “designated business or profession.” However, that final category is where most confusion arises. Here is who falls within scope.
Banks and financial institutions – All commercial banks, cooperative banks, regional rural banks, NBFCs and housing finance companies must register. Naturally, this category is widely understood and compliance is generally well established.
Securities market intermediaries – In particular, stockbrokers, sub-brokers, share transfer agents, portfolio managers, mutual fund distributors and other entities registered with SEBI fall under this obligation. SEBI issued a specific circular directing all regulated intermediaries to register on the FINNET 2.0 system.
Insurance companies – Similarly, life insurers, general insurers, health insurers and their agents must register. The IRDAI has reinforced this requirement through its own AML/CFT guidelines.
Designated Non-Financial Businesses and Professions (DNFBPs) – Consequently, this is the category that surprises many business owners. It includes certain notified activities involving dealers in precious metals and precious stones, real estate intermediaries and specified financial transactions carried out on behalf of clients by practicing professionals holding a Certificate of Practice from ICAI, ICSI or ICMAI (Chartered Accountants, Company Secretaries and Cost Accountants), subject to the applicable PMLA notifications and thresholds.
Virtual Digital Asset Service Providers (VDA SPs) – Furthermore, since March 2023, entities carrying on notified VDA activities such as exchange, transfer, safekeeping, administration or related financial services involving VDAs may be required to register with FIU-IND. FIU-IND has also issued sector-specific AML/CFT guidance applicable to VDA Service Providers (VDA SPs).
Payment system operators and fintech platforms. Entities regulated by the RBI as payment aggregators, prepaid instrument issuers or other payment system operators also carry reporting obligations.
Businesses that commonly misunderstand applicability
In practice, several categories of businesses routinely assume FIU-IND registration does not apply to them. Here are the most frequent gaps we see.
Jewelers and bullion dealers – For example, many jewelers believe that only large chains need to register. Applicability is determined by the notified activity and relevant thresholds rather than the size of the business alone. Dealers in precious metals or stones may fall within the reporting entity framework subject to the applicable PMLA notification thresholds and conditions. A single-store jeweler in a tier-2 city carries the same obligation as a national chain.
Real estate agents – Certain real estate intermediary activities involving the buying, selling or transfer of property on behalf of clients may fall within the notified PMLA framework. In other words, property consultants and brokers who handle transactions above the prescribed thresholds may fall within scope depending on the nature of activities and applicable thresholds.
Practicing CAs, CSs and CMAs – Additionally, certain specified financial transactions carried out on behalf of clients by practicing professionals may attract reporting obligations under the notified PMLA framework. Many sole practitioners are unaware of this requirement and have never registered.
Small NBFCs and fintech startups. Similarly, early-stage NBFCs sometimes deprioritise FIU-IND registration, treating it as something to handle “later.” But Section 12 obligations apply from the point the entity begins operations as a reporting entity. Delaying registration creates a compliance gap from day one.
Crypto and VDA businesses. Likewise, some operators assume that because VDAs are not fully regulated in India, FIU-IND registration is voluntary. It is not. Indian authorities have taken enforcement and access-restriction measures against certain offshore VDA platforms for non-compliance with applicable FIU-IND registration obligations.
FIU-IND registration process
The registration process runs through the FINGate 2.0 portal and involves three distinct stages. Therefore, understanding each stage helps avoid the delays that trip up most applicants.
Stage 1: Self-enrolment on FINnet. Registration onboarding is initiated through the FIU-IND FINGate portal (fingate.gov.in), where Reporting Entities complete the onboarding and registration workflow. Fill in basic details including your entity name, category of reporting entity and contact information. On successful submission, FIU-IND allots a unique FIU Identification Number (FIU-ID) and sends an official invitation email with login credentials.
Stage 2: Detailed registration on FINGate 2.0. Log in to the FINGate 2.0 portal using the credentials provided. Complete the detailed registration form, which covers entity details, regulatory status, business profile and compliance infrastructure. The registration process is largely form-based at this stage, though FIU-IND may seek supporting documents or clarifications where required. The system captures information through form fields.
Stage 3: Principal Officer and Designated Director onboarding.
After the Reporting Entity profile is initiated, the FINGate system enables onboarding of both the Principal Officer (PO) and the Designated Director (DD), each through separate onboarding and verification workflows.
Under the PMLA framework, the Principal Officer and Designated Director are distinct compliance roles and should generally not be mapped to the same individual. The Principal Officer acts as the primary AML/CFT compliance contact responsible for reporting obligations and coordination with FIU-IND, while the Designated Director is responsible for ensuring overall compliance with PMLA obligations at the organizational level.
The onboarding workflow is substantially digital and portal-driven, involving identity validation and profile verification through the FINGate system. Depending on the entity structure, the Designated Director onboarding may also involve validation of statutory identifiers such as DIN and related governance credentials.
For operational issues relating to portal onboarding or registration workflows, FIU-IND may provide support through its designated FINGate helpdesk channels.
Processing typically takes two to six weeks. Once FIU-IND verifies the details, it issues a registration acknowledgment/confirmation along with a Reporting Entity Identification Number (REID). This REID is used for all future report filings and correspondence.
Common mistakes during FIU registration
Based on our experience assisting reporting entities across sectors, these are the errors that cause the most delays and rejections.
Selecting the wrong entity category – First, the FINGate portal asks you to classify your entity type during enrolment. Picking the wrong category cascades into misapplied reporting requirements and can require you to restart the process.
Appointing an unqualified Principal Officer – Second, the PO is your designated point of contact with FIU-IND and is responsible for all reporting obligations. This person should possess sufficient seniority, access, understanding of AML/CFT compliance obligations and should be located in India. Assigning this role casually or treating it as an administrative formality, invites scrutiny.
Submitting generic compliance policies – Third, before approaching FIU-IND, your entity must have internal AML/CFT policies, KYC procedures and a risk assessment framework in place. Vague policy documents that lack clear risk classification methods rarely satisfy the regulator’s expectations.
Ignoring report validation – Fourth, once registered, your first reporting obligation will follow quickly. FIU-IND uses a specific XML/CSV schema for report submissions. Files that fail the FIU Report Validation Utility (RVU) are rejected automatically. Test your reports against the RVU before every upload.
Failing to update material changes – Finally, if your Principal Officer changes, your entity undergoes restructuring or your business profile shifts, you must update FIU-IND promptly. Neglecting these updates can result in compliance breaches.
Why banks ask for FIU registration
If a bank has asked you for your FIU-IND registration certificate, it is not bureaucratic overreach. After all, banks themselves are reporting entities under the PMLA. When they onboard a business that falls within the definition of a reporting entity, they are required to verify that the business is meeting its own PMLA obligations.
From the bank’s perspective, onboarding an unregistered reporting entity creates regulatory risk for the bank itself. RBI examiners review whether banks have adequate procedures to identify and assess the compliance status of their customers. A jeweller, NBFC or crypto platform without FIU-IND registration is a red flag during these reviews.
Similarly, payment gateways and institutional partners follow the same logic. They need assurance that their counterparties are PMLA-compliant before establishing a business relationship. Your FIU registration certificate provides that assurance.
So, if a bank or payment partner is asking for your FIU-IND registration and you have not yet registered, treat it as an urgent compliance priority rather than a paperwork request.
Frequently Asked Questions (FAQs)
FIU-IND registration refers to the onboarding and reporting framework applicable to entities classified as “reporting entities” under the Prevention of Money Laundering Act, 2002 (PMLA). Reporting entities are required to maintain records, implement AML/CFT controls, conduct customer due diligence (CDD) and file prescribed reports with the Financial Intelligence Unit-India (FIU-IND).
FIU-IND registration may apply to:
– Banks and financial institutions,
– NBFCs,
– Payment aggregators and payment system operators,
– Securities market intermediaries,
– Insurance entities,
– Virtual Digital Asset Service Providers (VDA SPs),
– Certain dealers in precious metals and stones,
– Specified real estate intermediaries and
– Certain notified professional activities under the PMLA framework.
Applicability depends on the nature of activities, transaction profile and relevant regulatory notifications.
Entities carrying on notified Virtual Digital Asset (VDA) activities such as exchange, transfer, safekeeping, administration or related financial services involving VDAs may be required to register with FIU-IND.
This may include:
– crypto exchanges,
– OTC desks,
– custodial wallet providers,
– token platforms and
– certain VDA transaction facilitation businesses.
Pure software development, infrastructure support, analytics services or non-custodial technology services do not automatically trigger FIU-IND registration requirements. Applicability depends on whether the business carries out notified VDA activities or regulated financial functions.
Foreign VDA platforms serving users in India may attract FIU-IND registration and reporting obligations depending on the nature of activities and operational nexus with Indian users. Indian authorities have taken enforcement measures against certain offshore VDA platforms for non-compliance with applicable registration obligations.
Under the PMLA compliance framework, the Principal Officer (PO) and Designated Director (DD) are distinct compliance roles with different responsibilities. Reporting entities generally maintain separate individuals for these functions as part of governance and compliance oversight.
Depending on the nature of the reporting entity and applicable obligations, reporting requirements may include:
– Cash Transaction Reports (CTR),
– Suspicious Transaction Reports (STR),
– Cross-Border Wire Transfer Reports (CBWTR),
– Property Transaction Reports (PTR),
– Counterfeit Currency Reports (CCR) and
– Other prescribed reports under the PMLA framework.
Reporting timelines and applicability vary depending on the nature of activities and transactions involved.
CTR reporting generally applies to cash transactions of more than INR 10 lakh (or its equivalent in foreign currency), subject to the applicable PMLA rules and reporting requirements.
Property Transaction Reports (PTRs) apply to specified immovable property transactions meeting prescribed thresholds under the PMLA reporting framework. Certain real estate intermediaries may be required to file PTRs depending on the nature of activities and transaction profile.
No. FIU-IND registration is a reporting and AML/CFT compliance obligation under the PMLA framework. It does not replace regulatory licensing requirements applicable under RBI, SEBI, IRDAI or other sectoral regulators.
The registration timeline varies depending on:
– entity structure,
– onboarding completeness,
– Principal Officer and Designated Director verification,
– regulatory clarifications and
– portal validation workflows.
In practice, onboarding and registration may take several weeks depending on the complexity of the entity and compliance setup.
Failure to comply with applicable PMLA obligations may attract:
– monetary penalties,
– regulatory scrutiny,
– onboarding restrictions from banks/payment partners,
– operational limitations and
– enforcement actions under applicable law.
Banks, payment partners and regulated financial institutions often assess whether their counterparties are complying with applicable AML/CFT obligations. Where a business appears to fall within the reporting entity framework, absence of FIU-IND registration may become a compliance concern during onboarding or periodic reviews.
Yes. Compliance7 supports businesses with:
– Applicability assessments,
– FIU-IND registration support,
– Principal Officer and Designated Director onboarding guidance,
– AML/CFT policy drafting,
– KYC/CDD framework implementation,
– STR/CTR reporting support,
– AML audits and
– Ongoing compliance advisory.
How Compliance7 assists
FIU-IND registration sounds straightforward on paper. In practice, the process involves regulatory interpretation, policy drafting and ongoing compliance infrastructure that many businesses are not set up to handle internally.
At Compliance7, we support reporting entities across India with end-to-end FIU-IND registration, from initial applicability assessment and entity categorization to Principal Officer appointment, AML/CFT policy development and FINGate 2.0 portal registration. We also provide ongoing support for report filing, compliance training and regulatory updates.
Beyond registration, our services include AML/CFT policy drafting tailored to your entity type and risk profile, independent compliance reviews and audits of existing frameworks, remediation support for entities that have received regulatory observations and periodic health checks to ensure your reporting obligations remain current. Whether you are registering for the first time or need to fix a registration that was done incorrectly, we can help you get it right.
Book a free consultation to assess your FIU-IND registration requirements.
This article is for informational purposes only and does not constitute legal or regulatory advice. For guidance specific to your business, consult a qualified compliance professional.
A lot of startups and fintech teams only realize FIU-IND registration matters when a bank or payment partner suddenly asks for it during onboarding. I liked that this article highlighted how the scope goes beyond traditional financial institutions, especially with VDAs and intermediary activities now drawing more scrutiny under PMLA compliance.