CFT — Combating the Financing of Terrorism — is one half of the twin compliance obligation every bank in India lives with daily. The other half is AML (Anti-Money Laundering), and the two are almost always written together: AML/CFT. If AML is about stopping criminals from laundering dirty money, CFT is about stopping anyone — even people with perfectly legal income — from funnelling funds to terrorist groups or activities.
India’s legal framework for CFT sits inside the Prevention of Money Laundering Act, 2002, reinforced by the Unlawful Activities (Prevention) Act, 1967, and guided by the global standards of the Financial Action Task Force (FATF). Since India is a FATF member, the RBI translates FATF recommendations into operational instructions for banks through its KYC Master Direction.
Why CFT Is Different from AML
Here’s something many people miss: money laundering always starts with illegal funds. But terrorist financing doesn’t have to. A terrorist cell can be funded by perfectly legitimate income — charity donations, a small business, rental income — and the bank account looks completely normal on the surface. This is exactly what makes CFT harder to detect than money laundering.
Transaction amounts also tend to be small in terrorist financing. A Rs.10,000 transfer to a specific phone number in a conflict-affected district might be entirely innocent — or it might matter enormously. Banks use a combination of red-flag indicators, watchlist screening, and transaction pattern analysis to catch what the naked eye would miss.
Every bank operating in India must screen every customer and every transaction against the UN Security Council’s consolidated sanctions list, as well as lists maintained by India’s own Ministry of Home Affairs. If a name matches, the account is frozen immediately — not after review, not after investigation. Immediately. This is called Targeted Financial Sanctions, and there is no grey area in how it is enforced.
How CFT Compliance Works Inside a Bank
Step 1 — Know the Customer First: CFT starts at account opening. Before a bank onboards any customer, it assesses their risk. A retired schoolteacher in Pune is low risk. A company director with connections to a sanctions-listed country is high risk and needs Enhanced Due Diligence.
Step 2 — Screen Every Transaction: Banks run automated monitoring systems that check every transfer — domestic and international — against sanctions databases and behavioural baselines. A transaction flagged by the system goes to the bank’s compliance team for review within hours.
Step 3 — File the STR: If the compliance officer concludes the transaction is genuinely suspicious, an STR (Suspicious Transaction Report) is filed with FIU-IND within 7 working days. The customer is never told this has happened.
Step 4 — Cooperate with Enforcement: FIU-IND analyses the STR and, if warranted, shares the intelligence with the Enforcement Directorate, CBI, or Anti-Terror units. The bank cooperates fully with any investigation that follows.
Frequently Asked Questions
Q: What does CFT stand for in banking?
A: CFT stands for Combating the Financing of Terrorism. It’s the set of rules and practices that prevent banks from being used — knowingly or unknowingly — to fund terrorist activities. In India it operates under PMLA 2002 and the RBI’s KYC Master Direction.
Q: Is CFT different from AML?
A: Same regulatory framework, different threat. AML targets illegal money being made to look clean. CFT targets legal or illegal money being moved to fund violence. Both are handled through the same KYC, monitoring, and STR-filing machinery — which is why you always see them written as AML/CFT.
Q: What is FIU-IND?
A: FIU-IND is the Financial Intelligence Unit of India — a central agency under the Ministry of Finance that receives STRs and cash transaction reports from banks and other financial entities, analyses the data, and passes actionable intelligence to law enforcement. Think of it as India’s financial crime clearinghouse.
Q: Can a normal customer be caught up in CFT checks?
A: Sometimes a legitimate customer shares a name with a sanctioned individual, or a transaction to a relative abroad triggers a watchlist flag. In those cases the bank’s compliance team reviews the matter and typically resolves it quickly. The system is designed to investigate first, not punish first.
