ALL FRONTIER GLOBAL NEXUS — FAQ SUPPLEMENT

AML AND SANCTIONS SCREENING

Frequently Asked Questions — India-EU Trade Compliance Context

This FAQ answers the most commonly asked questions about Anti-Money Laundering (AML) and sanctions screening in India-EU trade facilitation — covering who must comply, what screening involves, what to do when a match is found, and how to maintain ongoing compliance efficiently.

SECTION 1 — WHO MUST COMPLY

Q1. Does AML law apply to trade facilitators and commission agents?

Yes — in India, trade facilitators and commission agents are subject to the Prevention of Money Laundering Act 2002 (PMLA) as amended, particularly where they handle proceeds of trade transactions or facilitate payment flows. Additionally, any business involved in high-value trade (especially in precious metals, gems, luxury goods, real estate, or cash-intensive sectors) has heightened PMLA obligations. The Financial Intelligence Unit of India (FIU-IND) is the authority responsible for receiving Suspicious Activity Reports (SARs) and monitoring compliance. In the EU, the facilitator's EU counterparties (banks, importers) are subject to the EU AML Directives — and they will perform their own due diligence on the Indian facilitator as part of their AML obligations.

Q2. Are there AML obligations even for small or mid-size trade facilitation businesses?

Yes — the PMLA applies to "reporting entities" which includes, broadly, any person carrying on a designated business or profession involving financial transactions. The threshold for full PMLA obligations has been reduced progressively. Additionally, even businesses that are not technically "reporting entities" under PMLA have a practical obligation to conduct sanctions screening — because transacting with a sanctioned party is a criminal offence regardless of business size, and because EU buyers, banks, and partners will require evidence of AML compliance before engaging.

Q3. Do Indian exporters have AML obligations, or only trade facilitators?

Indian exporters dealing in high-value goods (precious metals, gems, luxury items, pharmaceuticals with diversion risk) have enhanced AML obligations. All Indian exporters must comply with FEMA — which includes provisions requiring that export proceeds come from legitimate sources and that the AD bank is satisfied about the bona fides of the transaction. The AD bank itself performs AML screening on the exporter's transactions. However, the trade facilitator who knows both the Principal (exporter) and the Introduced Party (buyer) and who is aware of the commercial context is in the best position to identify AML red flags — and has the most commercial exposure if a problematic transaction proceeds.

SECTION 2 — WHAT SANCTIONS SCREENING INVOLVES

Q4. Which sanctions lists must be screened?

The minimum required screening covers: UN Security Council Consolidated Sanctions List (all UN member states must implement); EU Consolidated Sanctions List (applies to all EU persons and EUR transactions — updated frequently via Official Journal of the EU); UK OFSI Consolidated List (for GBP transactions and UK-nexus dealings); US OFAC SDN List and Sectoral Sanctions Identifications (SSI) List — critical for any USD transactions or dealings with US-nexus parties; India Designated Entities List under UAPA (Unlawful Activities Prevention Act) and PMLA; MCA Disqualified Directors List (for Indian company directors). In practice, a single commercial screening tool (Refinitiv World-Check, Dow Jones Risk & Compliance, ComplyAdvantage) covers all major lists simultaneously — search by name, date of birth, and nationality.

Q5. How often should screening be run?

Screening must be run: (a) at the start of any new business relationship — before any agreement is signed or any information is shared; (b) on each new transaction with an existing counterparty — because sanctions lists are updated frequently (the EU list can be updated multiple times per week during periods of geopolitical tension); (c) on an ongoing basis for all active counterparties — set up automated re-screening alerts through your screening tool so that if a counterparty is designated after the initial screen, you are notified immediately. The interval for periodic re-screening of active counterparties: monthly at minimum; weekly for higher-risk counterparties.

Q6. What information is needed for a sanctions screen?

For an individual: full legal name (including any aliases or name variations known); date of birth; nationality; country of residence. For a company: full legal name (including any trading names); country of incorporation; company registration number; names of directors and UBOs (ultimate beneficial owners — persons owning or controlling 25%+ of the entity). The more information provided, the more accurate the screening result. A screen on name alone generates more false positives — adding date of birth and nationality dramatically reduces false positive rates.

Q7. What is a "false positive" in sanctions screening?

A false positive is a screen result that appears to match a sanctioned name but actually refers to a different person or entity with a similar name. False positives are common — particularly for common names or names from jurisdictions with limited romanisation conventions (Arabic, Chinese, Russian, Indian names may all generate false positives). When a potential match is flagged by the screening tool, the compliance officer must assess whether it is a true match (same person/entity as the sanctioned party) or a false positive (different person/entity with a similar name). This assessment — called a "disposition" — must be documented with the reasoning: why the flagged result is a different person from the sanctioned party. The documentation is your evidence of due diligence if ever questioned.

SECTION 3 — WHEN A MATCH IS FOUND

Q8. What should I do if a sanctions screen returns a confirmed match?

If a confirmed match is found — meaning the counterparty is the same person or entity as a designated sanctioned party — the following steps must be taken immediately: Step 1: Stop the transaction immediately. Do not proceed with any agreement, shipment, payment, or communication that advances the transaction. Step 2: Do not "tip off" the counterparty. Informing a sanctioned party that they have been identified is itself an offence in most jurisdictions. Step 3: Escalate internally. Inform the senior compliance officer or principal of the finding. Step 4: File a Suspicious Activity Report (SAR) with FIU-IND (in India) and/or the relevant EU Financial Intelligence Unit if EU-nexus is involved. Step 5: Seek legal advice before taking any further action — including how to terminate the relationship without tipping off or creating further legal exposure. Step 6: Document everything — the date and time of the screen, the result, the disposition decision, and every action taken thereafter.

Q9. What if the sanction was imposed after we already entered into a contract?

If a counterparty is designated as a sanctioned party after a contract has been entered into, the contract becomes unenforceable to the extent it requires dealings with the sanctioned party. You must: immediately freeze any assets held on behalf of the counterparty; stop all transactions; report to the relevant authority; seek legal advice on how to unwind the contract legally without breaching the sanctions. This is a significant risk in long-term supply agreements — which is why ongoing monitoring of active counterparties is essential. An SBLC or advance payment that has already been made may be subject to frozen funds rules — the bank will not release it without regulatory clearance.

Q10. Are there penalties for transacting with sanctioned parties unknowingly?

In most jurisdictions — yes, strict liability applies to sanctions violations. "I did not know" is not a complete defence if due diligence was not performed. The standard required is "reasonable due diligence" — which means running a sanctions screen and documenting the result. If you screened and found no match, and transacted in good faith, you have a reasonable defence. If you did not screen at all, you have no defence regardless of actual knowledge. Penalties: EU sanctions violations — criminal prosecution; fines up to EUR 1 million per transaction in some member states; reputational damage. India — criminal prosecution under PMLA and UAPA; up to 10 years imprisonment. US OFAC violations (for USD transactions) — civil penalties up to USD 1 million per transaction; criminal prosecution.

SECTION 4 — BUILDING AN EFFICIENT COMPLIANCE SYSTEM

Q11. What is the minimum viable AML/sanctions compliance system for a trade facilitation SME?

For a small-to-medium trade facilitation business, the minimum viable compliance system comprises: (a) A written AML and Sanctions Policy — one to two pages stating the business's commitment to compliance, the screening procedure, and the escalation process. (b) A designated compliance officer — one named person responsible for AML/sanctions compliance, even if part-time. (c) A screening tool — at minimum, free manual searches on the EU sanctions list portal (eeas.europa.eu), OFAC SDN search (sanctionssearch.ofac.treas.gov), and UN list (un.org/sc/suborg/en/sanctions/un-sc-consolidated-list). For higher volume, a commercial tool (ComplyAdvantage offers SME pricing from USD 100–500/month). (d) A screening log — a simple spreadsheet recording: date of screen, name screened, lists screened, result (no match / possible match / confirmed match), disposition reasoning, and screener's name. (e) Annual training — a brief annual training session for all staff involved in counterparty onboarding.

Q12. How does AML screening interact with GDPR and DPDP Act data protection?

There is an inherent tension between AML screening (which requires collecting personal data — names, DOBs, nationalities) and data protection law (which requires minimising and time-limiting personal data collection). The reconciliation: AML screening is a legal obligation — both GDPR (Article 6(1)(c)) and the DPDP Act recognise legal compliance as a lawful basis for processing personal data. You may collect and process personal data for AML purposes without consent. Retention: AML records must be retained for 5 years from the end of the business relationship under PMLA (India). Minimisation: collect only the data needed for screening — do not collect more than name, DOB, nationality, and company registration details. Notify data subjects (in the privacy notice) that personal data is collected and processed for AML compliance purposes.

RELATED DOCUMENTS IN THIS LIBRARY

Doc 104 — FAQ Supplement: AML and Sanctions Screening — All Frontier Global Nexus