Records and Reporting Obligations (Section 12)

If the offence of money-laundering in Section 3 is the sharp end of the Prevention of Money-Laundering Act, 2002, then Section 12 is its surveillance spine. It conscripts banks, financial institutions and a widening class of intermediaries into a statutory duty to watch, record, retain and report the financial transactions flowing through them. Where the punitive machinery of Section 3 and attachment operates after the laundering, Section 12 is preventive and forward-looking: it builds the paper trail that the Enforcement Directorate and the Financial Intelligence Unit-India (FIU-IND) later mine. For judiciary and CLAT-PG aspirants, mastering Section 12 means understanding not just the bare obligations, but the reporting-entity architecture, the rule-bound prescriptions of value and manner, and the penalty regime in Section 13 that gives the duties teeth.

Where Section 12 sits in the PMLA scheme

Chapter IV of the PMLA, titled "Obligations of Reporting Entities", houses Sections 11A to 15. Section 12 is its centrepiece. The Act follows a deliberate logic: Section 3 defines and Section 4 punishes the offence; Chapters III and V provide for attachment, confiscation and confirmation by the Adjudicating Authority; but Chapter IV addresses a different actor altogether — the legitimate financial gatekeeper through whom dirty money must pass.

The premise is that money-laundering cannot be defeated by punishing launderers alone. It must be detected at the entry and layering stages, when proceeds enter the formal financial system. Section 12 therefore imposes proactive duties on entities that handle money: to know their customers, to maintain reconstructable records, to retain those records, and to flag and report transactions to a central financial-intelligence agency. The constitutional validity of the entire PMLA architecture, including the obligations chapter, was comprehensively upheld in Vijay Madanlal Choudhary v. Union of India, 2022 SCC OnLine SC 929, where the Supreme Court characterised the Act as a self-contained code aimed at a distinct, transnational mischief that ordinary penal law could not reach.

It is useful to see Section 12 as the civil-regulatory counterpart to the Act's penal limb. The same proceeds of crime that, in the hands of a person who projects them as untainted, attract prosecution under Section 3, will, while passing through a bank or intermediary, generate a documentary footprint under Section 12. The reporting entity is not accused of any offence; it is co-opted as a sentinel. This dual character — a non-accusatory, preventive obligation enforced by a civil penalty under Section 13 rather than by imprisonment — is the key to reconciling the breadth of the duties with the proportionality the Constitution demands, and it is why the obligations survive challenge while remaining onerous in practice.

Who is a "reporting entity"? — Section 2(1)(wa)

Section 12 fastens its obligations on the "reporting entity". That phrase, inserted by the Prevention of Money-Laundering (Amendment) Act, 2012 (effective 15 February 2013), is defined in Section 2(1)(wa) to mean a banking company, a financial institution, an intermediary or a person carrying on a designated business or profession. Each of those limbs is itself a defined term: "banking company" and "financial institution" track their meanings under the Banking Regulation Act and the RBI framework; "intermediary" under Section 2(1)(n) sweeps in stockbrokers, sub-brokers, portfolio managers, registrars, depository participants and the wide universe of SEBI-registered persons.

The fourth limb — "person carrying on a designated business or profession" under Section 2(1)(sa) — is where the Act has expanded most aggressively. It now reaches casinos, dealers in real estate, dealers in precious metals and stones, and, controversially, professionals such as practising company secretaries, chartered accountants and cost accountants who carry out specified financial transactions on behalf of clients, brought within the net by notifications under the Act. The breadth of the reporting-entity definition is what makes Section 12 a pervasive compliance obligation across the Indian financial and professional economy, not merely a banking rule.

The core duty: maintaining a record of transactions — Section 12(1)(a)

Section 12(1)(a) commands every reporting entity to "maintain a record of all transactions, including information relating to transactions covered under clause (b), in such manner as to enable it to reconstruct individual transactions". Two ideas are embedded here. First, the duty is comprehensive — it extends to all transactions of the prescribed nature and value, whether a single transaction or a series of integrally connected transactions. Second, the standard of record-keeping is functional: the records must be detailed enough to permit reconstruction of an individual transaction at a later date, so that investigators can follow the money.

The qualifying "nature and value" of transactions is not left to the entity. It is prescribed by the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005. Rule 3 enumerates the reportable categories: all cash transactions of more than ten lakh rupees (or equivalent in foreign currency); a series of integrally connected cash transactions below that threshold but aggregating above it within a month; transactions involving forged or counterfeit currency; all suspicious transactions whether or not in cash; cross-border wire transfers above five lakh rupees; and purchase or sale of immovable property valued at fifty lakh rupees or more. The pre-2009 Section 12 spoke separately of cash transactions of a prescribed value; the substituted text now folds these into the unified records-and-reporting duty, with the detail relegated to the Rules.

The phrase "series of integrally connected transactions" deserves attention. Launderers routinely break a large sum into many smaller deposits, each below the reporting threshold, a technique known as structuring or smurfing. By aggregating connected transactions within a calendar month, the Rules defeat this evasion: the reporting entity cannot escape its duty merely because no single transaction crosses the ten-lakh line. The reconstruction standard reinforces this — records must capture the chain of related entries, not isolated snapshots, so that the layering of funds can be traced end to end. This is why compliance turns on transaction-monitoring systems capable of pattern detection, and not merely on threshold-based alerts.

Furnishing information to the Director, FIU-IND — Section 12(1)(b)

Section 12(1)(b) requires every reporting entity to "furnish to the Director within such time as may be prescribed, information relating to such transactions, whether attempted or executed, the nature and value of which may be prescribed". The Director here is the Director of the Financial Intelligence Unit-India, the central agency that receives, analyses and disseminates financial-intelligence reports. This is the reporting half of the section's title, and it is what converts passive records into actionable intelligence.

The mechanics live in Rules 3 to 8 of the 2005 Rules, which prescribe the reports a reporting entity must file: the Cash Transaction Report (CTR), the Suspicious Transaction Report (STR), the Counterfeit Currency Report (CCR), the Non-Profit Organisation Transaction Report (NTR), and reports on cross-border wire transfers and immovable-property transactions. Timelines are tight — for instance, suspicious transactions must be reported promptly, generally within seven working days of arriving at a conclusion that a transaction is suspicious. Crucially, the duty extends to attempted transactions, not merely completed ones, reflecting the preventive design of the Act discussed in the FATF-driven genesis of the legislation.

Client identity and beneficial ownership — Section 12(1)(c) and (e)

The substituted Section 12 also codifies the "Know Your Customer" discipline. Clause (c) requires the reporting entity to "verify the identity of its clients in such manner and subject to such conditions, as may be prescribed". Clause (e) requires it to "maintain record of documents evidencing identity of its clients and beneficial owners as well as account files and business correspondence relating to its clients". The introduction of "beneficial owners" is significant: the Act looks through nominee and shell arrangements to the natural person who ultimately owns or controls the client, mirroring the FATF Recommendations on transparency of beneficial ownership.

Clause (d), inserted to give effect to client due-diligence norms, obliges the entity to identify the beneficial owner and take reasonable steps to verify the beneficial owner's identity. The procedural content of these duties is supplied by the 2005 Rules and by regulator-specific KYC directions — the RBI Master Directions on KYC for banks, and SEBI's KYC framework for capital-market intermediaries. The verification duty is not a one-time formality at onboarding; it requires ongoing due diligence over the life of the relationship, with enhanced scrutiny for higher-risk clients under Section 12AA.

How long must records be kept? — Section 12(2) and (3)

Retention is governed by Section 12(2) and (3), and the drafting is precise enough to be a frequent examination point. Under Section 12(3), the records of transactions referred to in clause (a) of sub-section (1) must be "maintained for a period of five years from the date of transaction between a client and the reporting entity". The retention clock therefore runs from the transaction date.

For identity and account documents, the rule differs. Section 12(4) (read with the records relating to clause (e)) requires that records evidencing the identity of clients and beneficial owners, together with account files and business correspondence, be maintained for "five years after the business relationship between a client and the reporting entity has ended or the account has been closed, whichever is later". The shift of the trigger — from the date of the transaction for transaction records, to the end of the relationship for identity records — reflects the 2017 amendment which aligned the retention rule with the FATF standard and replaced the earlier ten-year period for some records. Aspirants should note both the duration (five years) and the differing start points, because misstating the trigger is the classic trap.

Confidentiality of furnished information

The Act balances disclosure against secrecy. The information maintained, furnished or verified under Section 12 must, save as otherwise provided under any law for the time being in force, be kept confidential. This protects the customer and the integrity of the reporting process: a Suspicious Transaction Report is intelligence, not an accusation, and premature disclosure would defeat its purpose and expose the entity to tipping-off risks.

The confidentiality obligation dovetails with the "no tipping-off" principle embedded in the reporting regime — a reporting entity should not disclose to the client that an STR has been or is being filed, because doing so would alert a potential launderer and frustrate the investigation. The confidentiality clause, together with the immunity in Section 14, is what makes candid reporting commercially safe for the entity.

Section 14 deserves emphasis as the corollary of the reporting duty. It provides that no civil or criminal proceeding shall lie against a reporting entity, its directors or employees for furnishing information in good faith under Section 12(1)(b). Without such immunity, an entity reporting a suspicious transaction would expose itself to suits for breach of banker-customer confidentiality or defamation. By granting safe harbour for good-faith reporting, Section 14 removes the disincentive to report and completes the architecture: the customer's interest is protected by confidentiality, and the entity's interest is protected by immunity, leaving the reporting duty itself unencumbered.

The Director's power to call for records — Section 12A

Section 12A, inserted by the Finance Act, 2019, arms the Director with a correlative investigative power. The Director may call for from any reporting entity any of the records referred to in Section 11A, Section 12(1), Section 12AA(1), and any additional information he considers necessary for the purposes of the Act. Every reporting entity must then furnish the information "within such time and in such manner as he may specify". A second sub-section preserves confidentiality of the information so obtained, save as otherwise provided by law.

Section 12A converts the reporting duty from a one-directional filing obligation into a responsive one. The entity must not only file periodic reports of its own motion under Section 12(1)(b), but must also produce, on demand, the underlying records when the Director seeks them. This power is the practical bridge between the records held by the entity and the analysis conducted by FIU-IND, and it underlies many enforcement actions discussed in connection with the adjudication machinery.

Enhanced due diligence for specified transactions — Section 12AA

Section 12AA, also inserted by the Finance Act, 2019, layers an enhanced-due-diligence regime on top of the baseline Section 12 duties. Before commencement of each "specified transaction", the reporting entity must: (i) verify the identity of the client undertaking the specified transaction by authentication under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, or by such other prescribed means; (ii) take additional steps to examine the ownership and financial position, including the sources of funds of the client; and (iii) record the purpose behind conducting the specified transaction and the intended nature of the relationship between the parties.

Where the reporting entity is unable to apply such due diligence, it must not undertake the specified transaction, must terminate the relationship if appropriate, and must consider filing a suspicious-transaction report. Information obtained under Section 12AA is also to be maintained for five years and kept confidential. Section 12AA thus operationalises a risk-based approach — ordinary transactions attract baseline KYC, while higher-risk "specified transactions" attract a heightened, documented scrutiny consistent with the FATF risk-based standard.

Consequences of default — the Section 13 penalty regime

The duties in Section 12 are enforced through Section 13, which empowers the Director to inquire into the conduct of a reporting entity in discharging its obligations. After such inquiry, where the Director finds that the entity, its designated director or any of its employees has failed to comply with the obligations under the Act, the Director may issue a written warning, direct the entity to comply with specific instructions, direct it to send reports at prescribed intervals, or by an order impose a monetary penalty.

The penalty under the amended Section 13(2)(d) "shall not be less than ten thousand rupees but may extend to one lakh rupees for each failure". The reach of the penalty to the "designated director" and "employees" personalises accountability, while the graded menu of sanctions — from warning to monetary penalty — gives the Director proportionality. The current high-water mark of enforcement under this regime is the substantial monetary penalty imposed by FIU-IND on Paytm Payments Bank Ltd. for failures in its PMLA obligations, illustrating that the regime bites on large regulated entities, not merely on small intermediaries.

Two structural features of Section 13 are worth flagging. First, the penalty is calculated "for each failure", so a pattern of repeated non-reporting can compound into a large aggregate liability — the unit of default is the individual failure, not the inquiry. Second, the inquiry power is investigative: the Director may examine the entity's systems and records before forming a view, which dovetails with the production power in Section 12A. Because Section 13 sanctions are civil and regulatory rather than penal, they do not require proof of the mental element demanded for the offence in Section 3; the focus is on the fact of non-compliance with a statutory obligation, tempered by the graded and proportionate menu of responses the Director may choose from.

Beneficial construction of the amended penalty — the Corporation Bank line

A significant judicial gloss on Section 13 concerns whether the milder, post-2013 penalty regime applies to defaults committed earlier. In Financial Intelligence Unit-IND v. Corporation Bank, 2019 SCC OnLine Del 9950, the Delhi High Court held that the amended Section 13 — which expanded the menu of responses to include a mere written warning and recast the penalty — operates retrospectively in favour of the reporting entity. Applying the rule of beneficial construction, the Court reasoned that where a later amendment reduces or softens the consequence of a default, the entity should have the benefit of the lighter sanction even for a default predating the amendment.

The practical upshot is that an Appellate Tribunal order substituting a written warning for a monetary fine, in respect of a pre-2013 default, was held unassailable. The case is a useful illustration of how penal-but-civil regimes attract the same beneficial-construction principles familiar from criminal sentencing, and it remains a leading reference on the temporal operation of the Section 13 penalty.

Appeals and the procedural framework — Sections 13(3) and 15

A reporting entity aggrieved by an order of the Director under Section 13(2) is not without remedy. Section 13 read with the appellate provisions allows an appeal to the Appellate Tribunal constituted under the Act, which is the same tribunal that hears appeals from orders of the Adjudicating Authority on attachment matters. This channels reporting-entity disputes into a specialised forum rather than the ordinary civil courts.

Section 15 supplies the rule-making bridge: it empowers the Central Government, in consultation with the Reserve Bank of India, to prescribe the procedure and manner of maintaining and furnishing information under Section 12 and to prescribe the procedure and manner of verifying client identity. It is under Section 15, together with the general rule-making power, that the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 were framed. The interplay of the parent section and the Rules means that a complete answer on reporting obligations almost always requires citing both Section 12 and the relevant 2005 Rule.

Constitutional validity of the obligations regime

The reporting-entity obligations have been challenged as imposing an excessive and disproportionate burden, and as enabling a surveillance regime without adequate safeguards. The Supreme Court's omnibus ruling in Vijay Madanlal Choudhary v. Union of India, 2022 SCC OnLine SC 929, upheld the PMLA scheme as a whole, treating its preventive and investigative mechanisms as a proportionate response to the grave and transnational mischief of money-laundering. While the bulk of the judgment addressed attachment, arrest and the role of the Enforcement Case Information Report, its reasoning sustains the wider architecture, including the obligations of reporting entities, as integral to a self-contained anti-laundering code.

The Court accepted that India's commitments under the international anti-money-laundering framework — the FATF Recommendations and the Vienna and Palermo Conventions — justified a robust reporting and record-keeping regime. Read with the genesis of the Act, this confirms that Section 12 is not an incidental compliance burden but a load-bearing element of the statutory design that the Constitution permits.

Exam takeaways and common traps

For the examination, anchor four points. First, the obligations of Section 12(1) are fourfold — maintain reconstructable records of transactions; furnish prescribed information to the Director, FIU-IND (including attempted transactions); verify client and beneficial-owner identity; and maintain identity, account and correspondence records. Second, retention is five years, but with different triggers: from the date of transaction for transaction records, and from the end of the relationship or closure of the account (whichever is later) for identity records. Third, default is enforced through Section 13 — warning, directions, or a monetary penalty of ten thousand to one lakh rupees per failure — with the milder amended regime applied retrospectively per Financial Intelligence Unit-IND v. Corporation Bank.

Fourth, place the supporting provisions correctly: Section 12A (Director's power to call for records) and Section 12AA (enhanced due diligence for specified transactions) were both inserted by the Finance Act, 2019, while the modern reporting-entity framework of Section 12 itself was substituted with effect from 2013. The most common traps are confusing the two retention triggers, attributing the penalty range to Section 12 rather than Section 13, and forgetting that the duty captures attempted transactions. A confident answer cites both the section and the relevant Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, and frames the whole regime against the Vijay Madanlal Choudhary validation. For the wider scheme, cross-read these duties with the offence and punishment provisions.