India — Financial Jurisdiction and Regulatory Framework
India as an emerging major financial jurisdiction. Overview of regulatory structure, supervisory authorities (RBI, SEBI, IRDAI, PFRDA, FIU-IND), and key frameworks including data protection (DPDP Act 2023).
Summary
India is the fifth-largest economy in the world and possesses a rapidly growing financial sector serving over 1.5 billion people. The Indian financial market is governed by a multi-layered supervisory structure, with the Reserve Bank of India (RBI) serving as the central bank and supreme regulatory authority for banking.
- Anti-money laundering: FIU-IND as the Financial Intelligence Unit under the Prevention of Money Laundering Act (PMLA 2002, Act No. 15 of 2003, in force since 1 July 2005)
- Tax law: Central Board of Direct Taxes (CBDT) and Central Board of Indirect Taxes and Customs (CBIC)
- Banking supervision: RBI supervises commercial banks, NBFCs, and payment systems
- Capital markets: SEBI regulates securities markets, mutual funds, and stock exchanges
- Insurance supervision: Insurance Regulatory and Development Authority of India (IRDAI) under the IRDA Act 1999
- Pension supervision: Pension Fund Regulatory and Development Authority (PFRDA)
- Data protection: Digital Personal Data Protection Act (DPDP Act) 2023, passed on 11 August 2023; DPDP Rules 2025 notified on 13 November 2025
- FATF membership: Full member of the FATF since 2010
History
Indian financial regulation dates back to the colonial era. The Reserve Bank of India was established in 1935 under British rule and nationalized in 1949. In the decades following independence (1947), the financial sector was heavily state-controlled — the bank nationalizations of 1969 and 1980 brought over 80% of banking assets under government control.
The turning point came with the liberalization reforms of 1991 under Finance Minister Manmohan Singh. The establishment of SEBI (1992) as an independent capital markets regulator and the gradual opening of the financial market to private and foreign players fundamentally transformed the sector. The Prevention of Money Laundering Act (PMLA) 2002 received presidential assent on 17 January 2003 (Act No. 15 of 2003) and came into force together with its Rules on 1 July 2005; the establishment of FIU-IND (2004) complemented the AML regime. India's digital revolution — particularly the Unified Payments Interface (UPI) from 2016 onward — has dramatically modernized the financial system. With the Digital Personal Data Protection Act (DPDP Act) 2023 — passed on 11 August 2023, with its DPDP Rules notified on 13 November 2025 — India enacted its first comprehensive data-protection statute. The implementation of CRS and the signing of the FATCA agreement integrated India into the international tax information exchange network.
Scope
The Indian regulatory framework covers one of the most diversified financial sectors in the world:
- Scheduled commercial banks (public and private) and regional rural banks (RBI)
- Non-Banking Financial Companies (NBFCs) and housing finance companies (RBI/NHB)
- Stock exchanges (BSE, NSE), brokers, and mutual funds (SEBI)
- Insurance companies (IRDAI)
- Pension funds (PFRDA)
- Payment systems and FinTech companies (RBI)
- All reporting entities under PMLA (FIU-IND)
Key Requirements
- RBI licensing for banks, NBFCs, and payment service providers
- SEBI registration for market participants, mutual funds, and portfolio managers
- Compliance with PMLA including KYC norms (Aadhaar/PAN-based)
- Filing of suspicious transaction reports (STR) and cash transaction reports (CTR) with FIU-IND
- Compliance with the Digital Personal Data Protection Act (DPDP Act) 2023 and the DPDP Rules 2025 (consent, data-fiduciary obligations, protection of personal data)
- Implementation of CRS for automatic exchange of information
- Compliance with FATCA agreement (IGA Model 1) with the United States
- RBI regulations on the Liberalised Remittance Scheme (LRS) for capital flows
Corrections & Errata
The profile does not mention the DPDP Act 2023, India's first comprehensive data-protection statute (passed 11 Aug 2023; implementing rules notified 13 Nov 2025).
Full details on the errata page →India had no connections. Connected as FATF member and AIA participant.
Full details on the errata page →key_dates: 2002-01-17 corrected to 2003-01-17
Full details on the errata page →