Written Anti Money Laundering Procedures

This sub‑topic covers the written Anti‑Money Laundering (AML) procedures that every SEBI‑registered intermediary must maintain. It explains why a documented AML framework is mandatory, the core components of the written policy, and how it is examined in the NISM Series VIII exam. Understanding these procedures helps you answer scenario‑based questions on compliance, reporting, and record‑keeping.

Learning Objectives

1Identify the regulatory requirement for a written AML policy under SEBI and NISM.
2Describe the essential elements that must be documented in the AML procedures.
3Explain the risk‑assessment, monitoring, and reporting workflow required by law.
4Recall record‑keeping periods and exam‑focused traps related to AML documentation.

Why Written AML Procedures Matter

Written AML procedures are the backbone of a broker‑dealer’s compliance program. SEBI’s (Securities and Exchange Board of India) regulations, particularly the “Know Your Customer” (KYC) and AML guidelines, require every intermediary to have a documented policy that is approved by senior management and reviewed annually.

The policy must outline the steps for customer onboarding, risk categorisation, transaction monitoring, and reporting of suspicious activities. Having a clear, written document ensures consistency across branches, aids internal audits, and demonstrates to regulators that the firm has a proactive defence against money‑laundering risks.

In the NISM exam, questions often present a brief scenario and ask whether the firm’s written procedures satisfy SEBI requirements. Candidates must spot missing elements such as lack of senior‑management sign‑off or absence of a periodic review clause.

Regulatory compliance – avoids penalties and licence suspension.
Operational consistency – standardises due‑diligence across all sales personnel.

⚠️Common Exam Mistake

Students frequently think that a verbal AML policy is sufficient. The exam expects a *written* policy that is signed by the compliance officer and reviewed at least once a year.

Key Elements of a Written AML Policy

The policy must start with a clear scope that defines which entities (brokers, sub‑brokers, distributors) and which products (equity derivatives, futures) are covered. This prevents ambiguity during audits.

Next, it should detail the customer due‑diligence (CDD) process: identification documents, verification methods, and risk‑rating criteria. The policy must also describe the enhanced due‑diligence (EDD) steps for high‑risk customers, such as Politically Exposed Persons (PEPs) or entities from high‑risk jurisdictions.

Finally, the document must include monitoring and reporting mechanisms, escalation pathways, record‑keeping timelines, and the authority responsible for policy approval and annual review. Each section should reference the specific SEBI circular or clause to demonstrate regulatory alignment.

Risk Assessment & Customer Due Diligence (CDD)

Risk assessment is the first quantitative step in AML compliance. Every client is assigned a risk rating—Low, Medium, or High—based on factors such as transaction size, source of funds, and geographic location. The written procedure must specify the scoring methodology and the thresholds that trigger enhanced due‑diligence.

During onboarding, the CDD checklist should capture: full legal name, PAN, Aadhaar, proof of address, and, for corporate clients, directors' details and CIN. The policy must also state the verification sources (e.g., RBI’s KYC database, government portals) and the timeline (usually within 5 business days of account opening).

For exam purposes, remember that a missing step—like not obtaining the PAN for an individual client—makes the written procedure non‑compliant, even if the rest of the policy is robust.

∑Formula: Total Risk Score

\sum_{i=1}^{n} Score_{i}

Where:

Score_{i}= Individual risk factor score (e.g., transaction size, jurisdiction risk, client type)

n= Number of risk factors considered

Worked Example

Given three risk factor scores: Score_{1}=3 (transaction size), Score_{2}=5 (high‑risk jurisdiction), Score_{3}=2 (client type): Step 1: Total Risk Score = 3 + 5 + 2 Step 2: Total Risk Score = 10 Verification: \sum_{i=1}^{3} Score_{i} = 10.

Monitoring and Reporting Obligations

Once customers are onboarded, continuous monitoring must detect unusual patterns such as large cash deposits, rapid turnover of positions, or transactions that deviate from the client’s known profile. The written AML procedure should outline the thresholds that trigger a Suspicious Transaction Report (STR) and the exact timeline for filing—typically within 48 hours of detection.

Reporting channels must be clearly defined: the compliance officer prepares the STR, which is then submitted electronically to the Financial Intelligence Unit‑India (FIU‑India). The policy should also cover internal escalation, preservation of evidence, and cooperation with law‑enforcement agencies.

Exam questions may present a delay in filing an STR. Remember: any breach of the 48‑hour rule is a direct non‑compliance point, even if the STR is eventually filed.

ℹ️Exam Tip on STR Filing

The NISM exam treats a 48‑hour filing deadline as absolute. If a scenario mentions a 72‑hour delay, the answer is "non‑compliant".

Risk Classification of Customers

Risk Level	Typical Indicators	Enhanced Due Diligence Required?
Low	Small transaction volume, domestic residence, no PEP status	No
Medium	Moderate transaction volume, foreign jurisdiction with moderate AML rating	Yes – basic verification
High	Large cash transactions, PEP, high‑risk jurisdiction (e.g., North Korea)	Yes – detailed source‑of‑funds verification

Record‑Keeping Requirements

SEBI mandates that all AML‑related records—customer KYC documents, risk‑assessment scores, transaction logs, and STR copies—be retained for a minimum of five years from the date of the transaction. The written policy must specify the storage format (electronic or physical) and the security controls (encryption, access logs) to protect confidentiality.

Records must be readily retrievable for regulatory inspections. The policy should also describe the periodic internal audit schedule (at least annually) to verify that records are complete and correctly indexed.

In the exam, a question may ask which document can be discarded after two years. The correct answer is any *non‑AML* marketing material; all AML documents must stay for five years.

Average Turnaround Time (Days) for STR Filing by Risk Category

Example: NISM‑Style Scenario: Large Cash Deposit

Scenario

A retail investor walks into a brokerage office and wants to deposit Rs 12 lakh in cash to trade equity derivatives. The sales associate records the deposit but does not obtain a senior‑manager sign‑off and files the STR after 72 hours.

Solution

Step 1: The cash amount exceeds the typical low‑risk threshold (Rs 5 lakh) and therefore triggers a high‑risk classification. Step 2: The written AML policy requires enhanced due‑diligence, including source‑of‑funds verification and immediate senior‑manager approval. Step 3: The policy also mandates filing an STR within 48 hours of detection. Because the associate delayed filing to 72 hours and omitted senior‑manager sign‑off, the firm is non‑compliant. Step 4: The correct action would have been to collect PAN, obtain a written declaration of source of funds, get senior‑manager sign‑off, and file the STR within 48 hours.

Conclusion

The scenario highlights two exam‑focused failures: missing senior‑management approval and breaching the 48‑hour STR filing deadline, both of which render the written AML procedures non‑compliant.

⭐Exam Takeaways

A written AML policy must be approved by senior management and reviewed at least annually.
The policy must cover scope, CDD/EDD steps, risk‑rating methodology, monitoring, reporting, and record‑keeping.
Customer risk is quantified using a total risk score; high‑risk clients trigger enhanced due‑diligence.
Suspicious Transaction Reports must be filed with FIU‑India within 48 hours of detection.
All AML‑related records must be retained for a minimum of five years and be audit‑ready.
Common exam trap: assuming verbal policies or delayed STR filing are acceptable – they are not.

Practice Questions

8 questions on Written Anti Money Laundering Procedures

Who must approve the written AML policy for a SEBI‑registered intermediary?

What is the minimum period for retaining AML‑related records under SEBI regulations?

Which item is NOT part of the CDD checklist for an individual client?

For which risk level does the policy mandate detailed source‑of‑funds verification?

A retail investor deposits Rs 12 lakh in cash. The associate does not obtain senior‑manager sign‑off and files the STR after 72 hours. Which compliance failures are present?

Which of the following documents may be discarded after two years without breaching AML record‑keeping rules?

According to the written AML procedure, within how many business days must the CDD verification be completed after account opening?

If a suspicious transaction is detected on Day 1, by which day must the STR be filed to satisfy the 48‑hour filing requirement?

←Risk Disclosure Document Investors Grievance Redressal Mechanism→