The International Financial Services Centres Authority (IFSCA) has established a robust regulatory framework to safeguard the International Financial Services Centre (IFSC) from money laundering (ML), terrorism financing (TF), and other financial crimes. Under the IFSCA (Anti-Money Laundering, Counter Terrorism Financing and Know Your Customer) Guidelines, 2022 (“IFSCA AML Guidelines”), regulated entities are required to adopt a risk-based approach to customer onboarding, monitoring, and ongoing compliance.
A central pillar of this framework is the identification and management of high-risk customers, which necessitates the application of Enhanced Due Diligence (EDD) measures. These measures go beyond standard Customer Due Diligence (CDD) and are designed to mitigate elevated ML/TF risks without disrupting legitimate business.
This article provides a detailed, practitioner-focused analysis of AML measures applicable to high-risk customers under the IFSCA AML Guidelines, including risk identification, EDD requirements, operational controls, and best practices for regulated entities operating in the IFSC.
IFSCA-regulated entities—including banking units, capital market intermediaries, insurance offices, fintech entities, and fund managers—operate in a globally interconnected financial environment. This increases exposure to complex cross-border risks, layered ownership structures, and sophisticated ML/TF typologies.
To address these risks, the IFSCA AML Guidelines mandate that regulated entities must:
Failure to adequately manage high-risk customers can result in regulatory action, reputational damage, and systemic vulnerabilities within the IFSC ecosystem.
Enhanced Due Diligence is an advanced form of Customer Due Diligence applied when a customer or transaction presents a higher-than-normal risk of ML/TF. The concept is aligned with global standards, including the Financial Action Task Force (FATF) Recommendations, which underpin the IFSCA AML Guidelines.
Under a risk-based approach:
EDD is not a checklist exercise. It is a judgment-driven, evidence-based process that requires deeper scrutiny of the customer’s identity, financial background, business rationale, and transactional behaviour.
The primary objectives of EDD under the IFSCA AML framework are to:
Correctly identifying high-risk customers is foundational to effective EDD. The IFSCA AML Guidelines require regulated entities to assess risk holistically, considering multiple dimensions rather than a single trigger.
Certain customer characteristics inherently increase ML/TF risk, including:
Geography remains a critical determinant of ML/TF risk. High-risk indicators include:
Certain products, services, or delivery channels may heighten ML/TF exposure:
When a customer is classified as high-risk, the regulated entity must apply EDD measures in addition to standard CDD. The following controls are explicitly expected under the IFSCA AML Guidelines.
Regulated entities must conduct deeper inquiries into the customer’s background, including:
Information may be collected directly from the customer and supplemented through reliable and independent sources, such as: Corporate registries, Regulatory filings, Reputable databases and media searches, and Professional networking platforms (e.g., public employment history). The objective is to corroborate customer-provided information and identify inconsistencies.
Understanding how a customer acquires and uses funds is central to EDD.
Source of Funds (SoF)
Refers to the immediate origin of funds involved in a transaction (e.g., salary, dividends, sale of assets).
Source of Wealth (SoW)
Refers to the overall accumulation of wealth over time (e.g., business profits, inheritance, long-term investments).
Regulated entities must make reasonable efforts to verify both, using documentary evidence such as: Audited financial statements, Tax returns, Bank statements, Payslips or employment contracts, and Sale agreements or inheritance documents. The financial profile must be consistent with the customer’s business activities and transaction values.
The IFSCA AML Guidelines require that senior management be involved in decisions relating to high-risk customers. This includes:
Senior management involvement ensures accountability, governance, and alignment with the regulated entity’s risk appetite.
Risk is not static. High-risk customers must be subject to continuous and intensified monitoring, including:
Monitoring should be dynamic, allowing the regulated entity to escalate controls or exit relationships if risk becomes unmanageable.
To mitigate impersonation and layering risks, the IFSCA AML Guidelines require that the first payment in a high-risk relationship must originate from:
Acceptable institutions include: Banks, Regulated financial institutions implementing FATF-aligned AML frameworks, and Subsidiaries of such institutions subject to group-wide AML controls. This requirement strengthens the integrity of customer verification.
Beyond minimum regulatory requirements, experienced compliance teams adopt best practices to enhance resilience and efficiency.
Regular, role-specific training ensures staff can:
Advanced transaction monitoring systems can improve accuracy and timeliness by:
To maintain effectiveness, regulated entities should establish:
Continuous improvement is essential to address evolving regulatory expectations and financial crime typologies.
Managing high-risk customers is not about avoiding risk altogether—it is about understanding, controlling, and documenting it. Overly conservative approaches can restrict legitimate business, while weak controls expose entities to enforcement and reputational damage.
A balanced EDD framework enables regulated entities to:
For institutions seeking to design or enhance their AML and EDD frameworks under IFSCA regulations, RemitSo supports compliance programs that are structured, risk-aligned, and operationally practical.
Managing high-risk customers is not about avoiding risk altogether—it is about understanding, controlling, and documenting it. Overly conservative approaches can restrict legitimate business, while weak controls expose entities to enforcement and reputational damage.
A balanced EDD framework enables regulated entities to:
For institutions seeking to design or enhance their AML and EDD frameworks under IFSCA regulations, RemitSo supports compliance programs that are structured, risk-aligned, and operationally practical.
Enhanced Due Diligence (EDD) is mandatory when a customer or transaction is assessed as high-risk based on customer profile, geographic exposure, or product-related risk factors.
Yes. Politically Exposed Persons (PEPs), along with their close relatives and associates, are treated as high-risk customers and require Enhanced Due Diligence.
Yes. Risk ratings should be dynamic and may be revised based on ongoing monitoring, updated documentation, and evolving customer behavior.
Documents may include audited financial statements, tax returns, bank statements, sale agreements, inheritance records, or other evidence depending on the customer’s profile and risk exposure.
Yes. The IFSCA AML Guidelines require senior management involvement in the onboarding and continued relationship with high-risk customers.
High-risk customers should be reviewed more frequently than standard customers — commonly annually or on a trigger-based review following material risk changes.
Technology enhances efficiency, consistency, and monitoring accuracy but does not replace professional judgment or regulatory accountability.
It reduces impersonation and layering risks by ensuring funds originate from a regulated and verified account held in the customer’s own name.
AML measures for high-risk customers under the IFSCA AML Guidelines are intentionally rigorous. When implemented thoughtfully, Enhanced Due Diligence strengthens compliance, preserves business integrity, and supports sustainable growth within the IFSC.
A well-designed EDD framework is not a regulatory burden — it is a strategic safeguard.
