RBI Releases Guidance for Internal Risk Assessment of Money Laundering and Terrorist Financing

The Reserve Bank of India has issued the Internal Risk Assessment Guidance for Money Laundering and Terrorist Financing, offering regulated entities a structured framework to strengthen their defences against financial crime. As digital transactions expand and cyber-enabled financial fraud becomes increasingly sophisticated, this guidance supports a more secure and compliant financial ecosystem.

Strengthening Compliance Under KYC and Financial Crime Laws

Under the existing Master Direction – Know Your Customer (KYC) framework, regulated entities must periodically assess risks related to money laundering, terrorist financing, and proliferation financing. These risks arise from various factors, including customer profiles, geographic exposure, transactional behaviour, and the nature of products and services offered.
The new guidance reinforces these obligations by clarifying how institutions should evaluate and mitigate these digital and financial threats effectively.

Enhancing Cyber-Security and AML/CFT Capabilities

The Guidance Note is directed at operational staff, compliance teams, and Anti-Money Laundering/Counter-Terrorist Financing professionals. By laying out key principles and methodologies, it aims to improve the financial sector’s ability to identify suspicious activity, strengthen internal controls, and counter threats that increasingly leverage digital platforms, online identities, and cross-border payment channels.

In the context of India’s cyber law landscape, the document supports better data governance, risk-based monitoring, and privacy-aware handling of sensitive customer information—critical components of financial cybersecurity.

Alignment With Regulatory Instructions

While the Guidance Note outlines recommended systems, procedures and analytical tools, it emphasises that the existing RBI instructions take precedence wherever differences arise. This ensures consistency with the legal and regulatory framework governing financial security, cyber risk management and national security obligations.

[RBI]