IFSCA’s proposed KYC–KRA integration can reduce repeated paperwork and speed up customer onboarding across GIFT IFSC. However, the draft needs clearer timelines, stronger data safeguards, defined customer rights and a phased migration plan.
New Delhi (ABC Live–DSLA): The International Financial Services Centres Authority has proposed mandatory integration of regulated entities operating in the International Financial Services Centre with registered KYC Registration Agencies.
Although the proposal can make customer onboarding faster, it will also create a connected system containing sensitive personal, financial and ownership information. Therefore, the final circular must balance ease of doing business with privacy, cyber security, data accuracy and continued responsibility for customer due diligence.
Public Interest Note
ABC Live, in association with Dinesh Singh Law Associates, is publishing this analysis as part of its public duty to place constructive suggestions in the public domain.
Accordingly, this report does not oppose the proposed KYC integration framework. Instead, it examines the draft’s legal, technical and operational gaps so that IFSCA may consider them fairly before finalising the circular.
Moreover, public consultation becomes meaningful only when stakeholders examine both the expected benefits and possible risks of a proposal. Therefore, ABC Live and DSLA are placing these recommendations before IFSCA, regulated entities, KYC Registration Agencies, compliance professionals, technology providers and customers of GIFT IFSC.
DSLA has provided legal research and regulatory analysis. However, ABC Live retains full editorial responsibility for this report.
Summary
IFSCA proposes that every regulated entity in the IFSC should connect with at least one registered KYC Registration Agency, or KRA.
The proposed system will allow regulated entities to upload, store, retrieve and update customer KYC records through a connected KRA platform. Therefore, a customer who has completed KYC with one IFSC entity may not need to submit the same documents again to another entity.
The policy objective is reasonable. Repeated KYC checks create delay, increase compliance costs and frustrate customers. Moreover, a shared system can improve data consistency when regulated entities update changes through one connected network.
However, the draft circular remains too brief for a system that will process highly sensitive customer information.
First, it does not provide detailed technical, interoperability or cyber-security standards. Second, it does not clearly explain customer notice, correction rights or grievance procedures. Third, it requires the migration of all active legacy customers by 30 October 2026 without defining an “active client.”
Furthermore, the circular says it will come into force immediately. However, it also gives regulated entities two months to integrate with a KRA. At the same time, it sets 1 September 2026 as the start date for new-client integration.
Therefore, the implementation dates need one clear and consistent structure.
Most importantly, access to a KRA record must not become a substitute for risk-based customer due diligence. Although a regulated entity may use an existing identity record, it must still assess beneficial ownership, source of funds, sanctions exposure, business purpose and the nature of the proposed financial relationship.
Consequently, IFSCA should retain the central KYC model. Nevertheless, it should issue a more detailed, phased and customer-protective implementation framework before enforcement begins.
Key Findings
- First, the proposal can reduce repeated KYC submissions across GIFT IFSC.
- Moreover, all regulated entities must connect with at least one IFSCA-registered KRA.
- In addition, new customers onboarded on or after 1 September 2026 must enter the KRA system.
- Furthermore, active customers onboarded earlier must be uploaded by 30 October 2026.
- However, the draft does not define an “active client.”
- Similarly, it does not explain how regulated entities should handle outdated, incomplete or conflicting legacy records.
- Moreover, the draft does not clearly provide customer access, correction or dispute rights.
- At the same time, it does not prescribe detailed application programming interface, encryption or incident-reporting standards.
- Furthermore, the proposed unique KRA number may overlap with existing identifiers.
- Finally, the circular needs clearer rules on liability, KRA switching, charges, service outages and grievance redressal.
ABC Live Regulatory Dashboard
| Regulatory area | Assessment | Main concern |
|---|---|---|
| Policy objective | Strong | Implementation detail is limited |
| Ease of doing business | High potential | Duplicate checks may continue |
| Customer convenience | Positive | Correction rights remain unclear |
| Timeline | Weak | Immediate effect conflicts with later dates |
| Legacy migration | High risk | “Active client” is undefined |
| Data protection | Incomplete | Detailed privacy safeguards are absent |
| Cyber security | Incomplete | Common technical standards are missing |
| Interoperability | Positive intent | Cross-KRA protocols are unclear |
| KYC responsibility | Necessary | Reliance rules remain uncertain |
| Unique identifier | Useful | Existing ID overlap is unexplained |
| Grievance process | Weak | No defined correction timeline |
| Enforcement | Unclear | No graded transition framework |
| Overall assessment | 6.5/10 | Sound proposal, incomplete operating plan |
What the Draft Circular Proposes
Broadly, the draft creates a common KYC integration requirement across GIFT IFSC.
Integration With at Least One KRA
Every regulated entity must integrate its systems with at least one KRA registered with IFSCA.
Consequently, banks, insurers, fund managers, finance companies, capital-market intermediaries and other regulated businesses may have to establish technical connections with a KRA.
The regulated entity must complete this integration within two months from the date of the final circular.
However, the draft does not prescribe a testing, certification or readiness process before the connection goes live.
Three-Working-Day Upload Rule
Once a regulated entity completes the KYC process, it must upload the customer’s information to the KRA within three working days.
Therefore, the KRA database should remain reasonably current.
Nevertheless, the circular does not explain how the three-day period will operate when documents remain incomplete, verification continues or beneficial ownership requires additional review.
New Customers From 1 September 2026
Regulated entities must upload the KYC details of customers onboarded on or after 1 September 2026.
However, where the customer already has a KRA record, the regulated entity must download and verify that record. Thereafter, it must upload any change so that the KRA system contains the latest available information.
Consequently, the framework combines reuse with continuing verification.
Existing Active Customers
Regulated entities must upload the KYC records of all active customers onboarded before 1 September 2026 by 30 October 2026.
Although the objective is understandable, this requirement may create a large migration exercise.
Therefore, IFSCA should define the scope, validation process, error categories and exception procedure before migration begins.
Unique Identification Number
Each KRA must assign a unique identification number to every customer in its database.
The customer may then use that number while seeking services from another regulated entity in the IFSC.
Consequently, the number could become a common KYC reference across banking, insurance, funds and other IFSC activities.
However, the draft does not explain whether customers will receive one common number across all KRAs or separate numbers from different agencies.
Why the Proposal Matters for GIFT IFSC
GIFT IFSC brings together banking, insurance, capital markets, fund management, aircraft leasing, ship leasing and other cross-border financial activities.
Therefore, one customer may maintain relationships with several regulated entities.
Without a shared KYC system, the same customer may have to submit passports, address records, tax documents, corporate records and beneficial-ownership details repeatedly.
Consequently, customers face delay while regulated entities duplicate work.
A common KRA system can reduce this burden. Moreover, it can create a shared record of customer-information updates.
However, the same system will concentrate highly sensitive information within an interconnected network. Therefore, operational convenience cannot come at the cost of privacy, system security or accountability.
ABC Live’s critical analysis of IFSCA’s FinTech Sandbox Framework 2026 similarly found that technology-led financial reforms need testing, risk controls and a clear route from regulatory approval to live operation.
Proposed Implementation Timeline
| Requirement | Draft deadline | Main concern |
| Circular comes into force | Immediately | Conflicts with transition period |
| KRA integration | Within two months | No testing or certification process |
| New clients covered | From 1 September 2026 | Date may not align with final issuance |
| Existing active clients | By 30 October 2026 | Large migration burden |
| KYC upload | Within three working days | Exception rules are absent |
| Public comments | By 16 July 2026 | Limited consultation window |
Strength One: It Can Reduce Repeated KYC Work
The strongest part of the proposal is its objective.
Customers may currently have to repeat the same identification process while approaching different IFSC institutions. Therefore, a common KRA record can reduce paperwork and processing time.
Moreover, central storage can help a regulated entity retrieve previously verified documents quickly.
However, the benefit will arise only when regulated entities genuinely rely on valid KRA records.
If every institution repeats the full verification process because of liability concerns, the framework may create an additional compliance layer rather than remove duplication.
Therefore, IFSCA must clarify which KYC elements may be relied upon and which checks each regulated entity must repeat.
Strength Two: It Can Improve Data Updating
A shared KRA system may also improve the updating of customer information.
For example, when one regulated entity records a new address, updated passport or revised beneficial-ownership structure, the KRA can make the latest record available to other authorised institutions.
Consequently, regulated entities may avoid relying on older information.
However, the benefit depends on prompt, accurate and verified updates.
Therefore, the framework must prevent one incorrect change from spreading through the connected system.
Strength Three: It Preserves Risk-Based Due Diligence
The proposed KRA system does not remove the need for regulated entities to conduct customer due diligence.
This approach is correct because financial risk depends on the particular product, transaction, ownership structure, geography and source of funds.
For example, the same customer may present a lower risk in one relationship but a higher risk in another cross-border transaction.
Therefore, a common identity record should support due diligence rather than replace it.
At the same time, IFSCA should ensure that continued responsibility does not force institutions to repeat every basic identification check.
Critical Issue One: The Timeline Is Internally Unclear
The draft says that the final circular will take effect immediately.
However, it also gives regulated entities two months to integrate with a KRA. In addition, it sets 1 September 2026 for new customers and 30 October 2026 for legacy records.
Therefore, the circular contains four timing concepts:
- immediate legal effect;
- a two-month technical integration period;
- a fixed date for new clients; and
- a separate deadline for existing clients.
These dates may not align if IFSCA issues the final circular later than expected.
Accordingly, the final circular should use one notified commencement date followed by clear implementation phases.
Suggested Phased Timeline
| Phase | Suggested period |
| Publication of technical standards | First 30 days |
| KRA selection and system development | Next 60 days |
| Testing and certification | Following 30 days |
| New-client integration | After certification |
| High-risk legacy customers | Next 90 days |
| Remaining active customers | Following 180 days |
Critical Issue Two: “Active Client” Is Not Defined
The draft requires regulated entities to upload all active customers onboarded before 1 September 2026.
However, it does not define an active client.
For example, the expression may or may not include:
- dormant bank accounts;
- investors with no recent transactions;
- expired insurance policies with pending claims;
- closed funds with continuing obligations;
- finance accounts under recovery;
- clients whose accounts remain open because of litigation; or
- former clients whose records must still be retained.
Consequently, different sectors may interpret the requirement differently.
Therefore, IFSCA should define an active client for banking, insurance, funds, securities and finance activities.
Alternatively, it may use a functional test based on whether a live contractual, financial, claim-related or regulatory relationship continues.
Critical Issue Three: Legacy Migration May Reduce Data Quality
The 30 October 2026 deadline could require larger entities to upload thousands of historical customer records within a short period.
However, legacy files may contain:
- expired documents;
- outdated addresses;
- incomplete ownership information;
- low-quality scanned copies;
- inconsistent name formats;
- missing tax information; or
- records prepared under earlier standards.
Therefore, rapid migration may move outdated information into the KRA database.
Once uploaded, other institutions may rely on that data. Consequently, one old error may spread across the IFSC system.
IFSCA should require regulated entities to classify migrated records as:
- fully verified;
- verified with minor updates pending;
- partially verified;
- outdated; or
- requiring fresh KYC.
Moreover, high-risk customers should undergo fresh verification before migration.
Critical Issue Four: The Circular May Not Remove Duplicate KYC
The proposed framework seeks to remove repeated customer verification.
However, each regulated entity remains responsible for its customer due diligence.
Therefore, institutions may continue to repeat the full KYC process because they fear regulatory action if another entity uploaded incorrect information.
This creates a regulatory tension.
On one hand, the system promotes reliance. On the other hand, the regulated entity continues to carry compliance responsibility.
Consequently, IFSCA should create a safe-reliance framework.
A regulated entity should be permitted to rely on a current and independently validated KRA record unless:
- the document has expired;
- the record contains a warning;
- the customer’s details have changed;
- beneficial ownership remains unclear;
- the proposed product creates higher risk; or
- enhanced due diligence is otherwise required.
Critical Issue Five: Customer Notice Needs Clarity
The circular requires customer information to move between regulated entities and KRAs.
However, it does not explain how customers will receive notice about:
- the KRA receiving their information;
- the purpose of collection;
- the information being stored;
- the institutions that may access it;
- the retention period;
- the correction process; or
- the consequences of inaccurate information.
Although KYC processing may arise from a legal duty, customers should still receive clear notice.
Therefore, IFSCA should prescribe a standard KRA information notice during onboarding.
Moreover, regulated entities should access a record only when the customer seeks a service or another lawful ground permits access.
Critical Issue Six: Data-Protection Duties Need More Detail
The KRA system will process passports, photographs, addresses, tax records, corporate documents and beneficial-ownership information.
Therefore, it will create a high-value target for cybercriminals and identity thieves.
Although the underlying regulations may contain general safeguards, the draft circular does not provide operational privacy requirements.
The final circular should address:
- purpose limitation;
- data minimisation;
- authorised access;
- encryption;
- storage and backup;
- retention;
- secure deletion;
- breach reporting;
- employee access;
- vendor controls;
- cross-border access; and
- correction rights.
Moreover, the system should comply with applicable Indian data-protection law.
Critical Issue Seven: Cyber-Security Standards Are Missing
The circular requires technical integration. However, it does not prescribe one common security standard.
Consequently, different regulated entities may use different levels of protection.
A weak connection at one institution could create risk for the wider KRA network.
Therefore, IFSCA should prescribe minimum standards for:
- encrypted application programming interfaces;
- multi-factor authentication;
- role-based access;
- digital signing;
- access logs;
- vulnerability testing;
- penetration testing;
- security audits;
- real-time alerts;
- disaster recovery; and
- incident reporting.
In addition, every regulated entity should complete certification before using the live system.
Critical Issue Eight: Cross-KRA Interoperability Is Unclear
The draft requires each regulated entity to connect with at least one KRA.
However, it does not explain what happens when another regulated entity uses a different KRA.
For example, a customer may have a record with KRA One, while the new financial institution connects only with KRA Two.
Therefore, the success of the system depends on full interoperability between registered KRAs.
The final circular should prescribe:
- a common data format;
- a common search protocol;
- real-time record exchange;
- duplicate-record resolution;
- service-level standards;
- access charges;
- audit trails; and
- responsibility for transmission failures.
Without these standards, separate KRAs may create new information silos.
ABC Live’s analysis of IFSCA’s SERF-MPR consultation paper also explains why common formats and reporting standards matter across GIFT IFSC.
Critical Issue Nine: The Unique Number May Overlap With Existing IDs
The draft requires each KRA to assign a unique identification number to every customer.
However, customers may already have:
- a Central KYC identifier;
- Permanent Account Number;
- Legal Entity Identifier;
- passport number;
- company registration number;
- tax identification number; or
- another sectoral reference.
Therefore, the final circular should explain the purpose and hierarchy of the new number.
Moreover, it should clarify whether a customer receives:
- one common IFSC-wide KYC number;
- one number from each KRA; or
- a number linked with an existing Central KYC identifier.
Multiple KRA numbers may create confusion and duplicate records.
Accordingly, IFSCA should consider one portable IFSC-wide identifier across all registered KRAs.
Critical Issue Ten: Customer Correction Rights Are Missing
A customer may discover that the KRA record contains a wrong address, incorrect beneficial owner or outdated document.
However, the draft does not provide a correction procedure.
Therefore, the final circular should state:
- where a customer may file a correction request;
- who must verify the request;
- how quickly the record must be corrected;
- whether linked entities must receive the correction;
- how disputed information should appear during review; and
- where the customer may appeal.
Moreover, a customer should receive an electronic confirmation whenever a regulated entity uploads or modifies the record.
Critical Issue Eleven: Liability for Wrong Data Is Unclear
Several parties may handle one KYC record:
- the customer;
- the originating regulated entity;
- the KRA;
- the regulated entity relying on the record; and
- a technology-service provider.
However, the circular does not divide responsibility among these parties.
For example, who is responsible when:
- the originating institution uploads the wrong document;
- the KRA wrongly validates the record;
- the receiving institution overlooks an obvious mismatch;
- a technical failure changes the data; or
- a delayed update causes wrongful rejection?
Therefore, the final framework should contain a liability matrix.
The originating entity should remain responsible for accurate uploads. Meanwhile, the KRA should remain responsible for platform integrity and validation. Finally, the receiving entity should remain responsible for risk-based assessment and obvious inconsistencies.
Critical Issue Twelve: Fees and Market Concentration Need Attention
The circular requires every regulated entity to connect with a KRA.
However, it does not address:
- connection fees;
- annual charges;
- record-download charges;
- update charges;
- switching fees; or
- customer charges.
Consequently, regulated entities may face compulsory private-service costs without a transparent pricing framework.
Moreover, only a small number of firms may qualify as KRAs. Therefore, market concentration may create service dependence or high charges.
IFSCA should require fair, transparent and non-discriminatory pricing.
In addition, regulated entities should be able to switch KRAs without losing access to customer records.
Critical Issue Thirteen: Foreign Customers Need Special Rules
GIFT IFSC serves foreign nationals, non-resident Indians, global companies, funds and institutional investors.
Their KYC files may contain:
- foreign passports;
- overseas addresses;
- foreign registry extracts;
- tax-residency documents;
- trusts and foundations;
- multi-layered ownership; and
- documents in foreign languages.
Therefore, the KRA system must support a wider range of documents than a domestic retail KYC system.
Moreover, the final circular should explain how exemptions under the IFSCA AML, CFT and KYC Guidelines interact with the new KRA requirement.
Without this clarity, regulated entities may apply the exemptions differently.
Critical Issue Fourteen: MII Monitoring Duties Are Undefined
The draft requires Market Infrastructure Institutions to inform their members and monitor compliance.
However, it does not define the meaning of monitoring.
For example, it remains unclear whether an MII must:
- obtain compliance certificates;
- inspect connection logs;
- monitor upload deadlines;
- report failures;
- suspend members; or
- conduct technology audits.
Therefore, IFSCA should define the scope of the MII role.
Otherwise, supervision may overlap between IFSCA, KRAs and Market Infrastructure Institutions.
Critical Issue Fifteen: No Testing or Sandbox Phase
The circular moves directly from system integration to mandatory operation.
However, financial-data networks require testing before full deployment.
Therefore, IFSCA should provide:
- an industry testing environment;
- sample customer records;
- interface certification;
- cyber-security tests;
- reconciliation tests;
- outage simulations;
- migration rehearsals; and
- formal readiness approval.
Moreover, regulated entities should receive a short stabilisation period before ordinary penalties begin.
Nevertheless, deliberate misuse, unlawful access or serious cyber negligence should attract immediate action.
Domestic and Global Comparison
| System | Main feature | Lesson for IFSCA |
| IFSCA draft KRA model | Shared repository across IFSC sectors | Needs detailed cross-sector standards |
| Central KYC Records Registry | Central KYC identifier and record storage | Clarify overlap with existing identifiers |
| SEBI KRA system | KRA-based securities-market verification | Validation and interoperability are essential |
| Singapore MyInfo | Trusted data reuse for digital onboarding | Customer visibility and reliable source data help |
| Shared banking KYC utilities | Common customer information platforms | Liability and commercial adoption matter |
| FATF digital identity approach | Risk-based use of reliable digital identity | Digital identity cannot replace full due diligence |
The comparison shows that a shared KYC utility can improve onboarding.
However, technology alone does not guarantee success. Instead, the system needs accurate data, customer trust, clear liability and reliable adoption.
Therefore, IFSCA should monitor pricing, service quality, outage risk and data accuracy from the beginning.
Main Risks
Centralised Cyber Risk
A common repository can improve efficiency. However, it also creates a high-value target.
Therefore, one major breach may affect customers across several financial sectors.
Spread of Incorrect Information
A wrong record uploaded by one institution may be downloaded by several others.
Consequently, errors may spread faster than under separate KYC systems.
Continued Duplicate Checks
Regulated entities may repeat KYC because they remain liable for due diligence.
Therefore, customers may face the existing process plus an additional KRA upload.
Vendor Dependence
Mandatory integration may create dependence on a small number of KRAs.
Consequently, an outage, cyber incident or commercial dispute may disrupt customer onboarding across GIFT IFSC.
Customer Exclusion
A customer with an incorrect or disputed KRA record may face rejection by several regulated entities.
Therefore, rapid correction and appeal procedures are essential.
Rushed Legacy Migration
Large-scale migration by one fixed deadline may prioritise quantity over accuracy.
Consequently, the KRA system may begin with outdated or incomplete records.
Recommendations Before Finalisation
Use One Clear Commencement Framework
First, IFSCA should remove the conflict between immediate effect, the two-month integration period and fixed calendar dates.
Instead, it should calculate all phases from the date of the final circular.
Define “Active Client”
Second, the final circular should define which legacy customers require migration.
Moreover, sector-specific guidance may be necessary for banking, insurance, funds, securities and finance companies.
Phase Legacy Uploads
Third, regulated entities should migrate high-risk and recently active customers first.
Thereafter, they may migrate other active records in stages.
Create a Safe-Reliance Rule
Furthermore, regulated entities should be allowed to rely on current and validated identity records.
However, they should continue product-specific, ownership-based and risk-based due diligence.
Issue Common Technical Standards
In addition, IFSCA should prescribe a common interface, data format, encryption standard and audit protocol.
Consequently, different KRAs and regulated entities can communicate reliably.
Establish Customer Rights
Similarly, customers should receive clear notice, access, correction and complaint rights.
Moreover, every access and update should create a traceable record.
Clarify the Identifier Structure
IFSCA should explain how the proposed KRA number relates to Central KYC, PAN, LEI and foreign identifiers.
Preferably, each customer should receive one portable IFSC-wide reference.
Define Liability
The final circular should divide responsibility among the originating entity, KRA, receiving entity and technology provider.
Consequently, customers and regulators will know who must correct an error or remedy a failure.
Regulate KRA Charges
IFSCA should require transparent and non-discriminatory prices.
Moreover, regulated entities should be allowed to switch providers without losing record access.
Require Cyber Certification
Before live operation, every connected entity should pass tests covering security, access controls, disaster recovery and data reconciliation.
Create a Graded Enforcement Period
Finally, IFSCA should permit corrective action during the early transition period.
However, deliberate misuse, unauthorised access and serious security failures should attract immediate regulatory action.
Suggested Clause-Level Changes
| Draft paragraph | Suggested revision |
| Paragraph 3.1 | Replace the fixed two-month rule with phased integration and certification |
| Paragraph 3.2 | Link the new-client date to successful system certification |
| Paragraph 3.3 | Define active clients and allow phased risk-based migration |
| Paragraph 3.4 | Create one portable identifier across all KRAs |
| Paragraph 3.5 | Add privacy, cyber security, liability and grievance duties |
| Paragraph 4 | Define the exact monitoring role of MIIs |
| Paragraph 5 | Replace immediate effect with a notified commencement schedule |
DSLA Legal and Regulatory Assessment
Dinesh Singh Law Associates considers the proposed KRA integration framework useful and necessary.
However, a central KYC record must remain a compliance tool rather than a final declaration that every customer presents a low risk.
Identity verification is only one element of customer due diligence. Therefore, regulated entities must continue to examine beneficial ownership, business purpose, source of funds, sanctions exposure and transaction behaviour.
At the same time, IFSCA should not impose full liability on regulated entities while also promising that KRA integration will remove duplication.
Therefore, the final circular must balance two principles:
- regulated entities may rely on validated common identity records; and
- regulated entities remain responsible for relationship-specific and risk-based checks.
Moreover, the framework should give customers clear rights because one central error may affect access to several financial services.
ABC Live Overall Assessment
IFSCA has identified a real operational problem.
Repeated KYC procedures increase costs, delay customer onboarding and weaken the ease of doing business in GIFT IFSC. Therefore, a connected KRA system is a logical reform.
Nevertheless, the draft focuses mainly on deadlines and mandatory integration. It provides much less detail on data quality, customer rights, cyber security, liability and interoperability.
Consequently, the system may reduce duplication only when IFSCA provides clear reliance rules and common technical standards.
Moreover, the final framework must prevent a central KYC database from becoming a central source of error, exclusion or cyber risk.
Therefore, IFSCA should proceed with the proposal. However, it should first issue a detailed implementation schedule, technical standard, customer-protection framework and grievance process.
In conclusion, the policy direction is sound. Nevertheless, the operating framework requires substantial strengthening before final enforcement.
Public Consultation Deadline
IFSCA has invited comments on the draft circular by 16 July 2026.
Stakeholders must submit their observations in Microsoft Word or Microsoft Excel format.
Therefore, regulated entities, KRAs, compliance professionals, financial-technology firms and customer groups should use the consultation period to propose practical clause-level changes.
How We Verified
ABC Live and DSLA reviewed the complete three-page IFSCA consultation paper and draft circular.
In addition, the analysis considered:
- the IFSCA KYC Registration Agency Regulations, 2025;
- the IFSCA AML, CFT and KYC Guidelines;
- India’s anti-money-laundering framework;
- the Central KYC Records Registry model;
- the SEBI KRA framework;
- India’s data-protection framework; and
- international guidance on digital identity and risk-based customer due diligence.
DSLA provided statutory and regulatory analysis. However, ABC Live retains full editorial responsibility.
Sources and Resources
IFSCA Sources
- IFSCA Public Consultations
- IFSCA Official Website
- IFSCA Legal and Regulatory Framework
- IFSCA AML, CFT and KYC Guidelines
Indian KYC and Data Sources
- RBI Master Direction on Know Your Customer
- SEBI KYC Registration Agency Regulations
- India Code: Prevention of Money Laundering Act, 2002
- India Code: Digital Personal Data Protection Act, 2023
International Guidance
- FATF Guidance on Digital Identity
- FATF Guidance on Customer Due Diligence and Financial Inclusion
- FATF Guidance on Private-Sector Information Sharing
- FATF Guidance on Beneficial Ownership
Related ABC Live Reports
- IFSCA Draft Mutual Insurer and P&I Regulations 2026: Critical Analysis — examines legal structure, capital requirements, governance, reinsurance and international recognition under another important IFSCA consultation.
- Critical Analysis of IFSCA FinTech Sandbox Framework 2026 — examines technology testing, cyber risk and the transition from regulatory approval to live financial operations.
- Critical Analysis of IFSCA’s SERF-MPR Consultation Paper — explains why common data formats, reporting standards and phased implementation matter in GIFT IFSC.
- Explained: How GIFT City Is Rising as a Global Finance Hub — provides the wider institutional background to IFSCA’s plan for an integrated international financial ecosystem.
- Explained: How Indian Companies Can Access Foreign Capital Through GIFT City — explains the cross-border financial activities that make reliable KYC and beneficial-ownership checks essential.
ABC Live — Making Complex Public Issues Simple.

