STR Privacy Protocols: Upholding Confidentiality and Preventing Tipping Off

Refraining from “tipping off” is one of the requirements associated with a Suspicious Transaction Report (STR). The IFSCA (AML, CFT, and KYC) Guidelines, 2022, mandates that regulated entities maintain the confidentiality of the suspicious transactions reported to the Financial Intelligence Unit, India (FIU-IND).

The IFSCA Guidelines impose the “tipping off” obligation on the regulated entity, its employees and agents working for or representing the entity, prohibiting from disclosing the following details to the customer or any other person:

1. Fact that the entity has identified any ML/FT suspicion for a customer or the transaction
2. Information about the suspicious transaction reported or proposed to be reported to FIU-IND
3. Any other information that may give up a hint of observed ML/FT red flags or suspicion or the reporting thereof as STR

This restriction ensures that the suspected financial criminal does not be cautious and attempts to escape punishment.

In this context, the IFSCA Guidelines provide certain exceptions where the regulated entity can exchange this information with a particular class of persons under specific circumstances. This includes:

1. Sharing information about suspicions or STRs with senior management or employees of the entity necessary to perform the official duties diligently
2. Providing information to lawyers with an intent to seek legal opinion on the subject of suspicious matter
3. Informing supervisory authorities to enable them to discharge their supervisory function
4. Disclosing the information with any other person by the court’s order

Compliance with confidentiality requirements is equally essential as filing STR.

Here is an infographic discussing “tipping off” – deterrence and relaxations around disclosing STR-related details.

To help you comply with AML regulations and protect your business against financial crime, we are – AML India – an end-to-end AML consultancy service provider. We can help you establish a robust internal and external STR filing mechanism and educate the team, fostering compliance with STR privacy protocols.