Understanding India’s Evolving Legal and Regulatory Framework for Combating Financial Fraud

[authors: Rajat Khandelwal and Akshay Rathi]

Introduction

Financial fraud represents a persistent threat to economic stability, undermining trust among businesses, investors, and the general public. As India’s financial ecosystem expands and transactions become increasingly sophisticated, the need for a robust regulatory framework to combat fraudulent activities has become paramount.

This discussion delves not only into India's evolving legal and regulatory landscape for addressing financial fraud but also offers insight into its historical development, key legislative milestones, and implications for forensic auditors operating in a digitally transformed financial environment.

Legal and Regulatory Foundations

India's formal financial institutions originated in the 19th century with the establishment of the Presidency Banks, which were later unified as the Imperial Bank of India in 1921. The establishment of the Reserve Bank of India (RBI) in 1935 centralized monetary control and oversight. Following independence, the Banking Regulation Act of 1949 expanded the RBI's authority, while the Securities and Exchange Board of India (SEBI), established in 1988, strengthened capital market governance. To meet sector-specific needs, the Insurance Regulatory and Development Authority of India (IRDAI) and the Pension Fund Regulatory and Development Authority of India (PFRDA) were established in 1999 and 2003, respectively. These developments mirrored the rapid growth and complexity of India’s financial sector.

Recent legislative advancements have reinforced anti-fraud mechanisms. The Companies Act, 2013 introduced stringent provisions to curb corporate fraud. In 2023, the enactment of the Bharatiya Nyaya Sanhita and Bharatiya Sakshya Adhiniyam modernized India’s criminal and evidentiary laws, replacing the Indian Penal Code (1860) and the Indian Evidence Act (1872), respectively, to better address contemporary financial crimes. Complementing these legal reforms, the Institute of Chartered Accountants of India (ICAI) issued the Forensic Accounting and Investigation Standards (FAIS) in 2023, providing a structured methodology and ethical framework for forensic professionals.

Understanding this regulatory evolution is crucial for professionals responsible for preventing, detecting, and investigating financial fraud in an era where digital banking and artificial intelligence are transforming the landscape of financial crime. India's legal framework for combating financial fraud is multifaceted, involving various laws and regulatory bodies.

Companies Act, 2013

The Companies Act, 2013 is the principal legislation governing corporate conduct in India. It provides the statutory basis for fraud detection, auditor responsibilities, and investigative mechanisms.

Section 447 defines “fraud” in a broad manner. It encompasses any act, omission, concealment of a fact, or abuse of position committed with the intent to deceive, gain an undue advantage, or injure the interests of the company or its stakeholders. This provision applies even in the absence of actual wrongful gain or loss. This section is frequently cited in forensic audit reports submitted to regulators and courts, and it forms the legal basis for prosecution in corporate fraud cases.

Section 143 outlines the powers and responsibilities of statutory auditors, including mandatory inquiries into loans, advances, deposits, and the disposal of assets. It also imposes an obligation to report material fraud to the Central Government and immaterial fraud to the company’s board of directors or audit committee and to opine on the adequacy of internal financial controls and compliance with accounting standards.

Section 138 mandates internal audits for certain classes of companies, including listed entities and large private companies. Internal auditors often serve as the first line of defense in detecting red flags that may later be escalated to forensic auditors.

Section 212 empowers the Central Government to assign cases of serious fraud to the Serious Fraud Investigating Officer (SFIO). Once a case is assigned, no other agency may investigate it, ensuring centralized and specialized handling of the case. SFIO reports are treated as police reports under the Bharatiya Nyaya Sanhita (BNS), 2023, and are admissible in court without the need for further investigation by police authorities. Investigations can be initiated under this section based on reports from the Registrar of Companies or inspectors under Section 208, special resolutions passed by companies, requests from other government departments, or through Suo motu action by the Central Government.

Section 132 established the National Financial Reporting Authority (NFRA) as an independent regulatory body responsible for enforcing the quality of audit services. NFRA plays a critical role in:

• Mandating forensic audits in cases of suspected auditor negligence or fraud
• Reviewing audit quality and independence
• Imposing penalties and debarment on errant professionals

Forensic auditors may be engaged by NFRA to conduct special audits or assist in investigations involving large listed companies, public interest entities, and financial institutions.

Criminal Law Regime and Evidentiary Standards

Having gone into effect from July 2024, India has transitioned to a new criminal justice framework comprising:

• Bharatiya Sakshya Adhiniyam (BSA), 2023 – replacing the Indian Evidence Act, 1872
• Bharatiya Nyaya Sanhita (BNS), 2023 – replacing the Indian Penal Code, 1860.

For forensic auditors, this shift has significant implications for how evidence is collected, preserved, presented, and evaluated in courts of law.

The BSA, 2023, introduces a technologically forward and litigation-friendly evidentiary regime. The BSA introduces several presumptions relevant to forensic practice:

• Presumption of authenticity for certified copies of public documents (Sections 78–83)
• Presumption of validity for electronic signatures and power of attorney (Sections 84–87)
• Presumption of genuineness for 30-year-old physical documents and five-year-old electronic records (Sections 92–93)

• Admissibility of Electronic Evidence:
  • Electronic records such as emails, logs, spreadsheets, and metadata are admissible as primary evidence if properly authenticated.
  • Forensic auditors must document every step of evidence handling—from acquisition to analysis—to ensure the integrity of the evidence.
  • This presumes validity of certified electronic records older than five years, provided they are unaltered and properly stored.

The BNS, 2023, consolidates and modernizes offenses previously scattered across the IPC. Key provisions relevant to forensic auditors include:

• Section 316: Criminal breach of trust – misappropriation of entrusted property
• Section 317: Breach of trust by public servant, banker, merchant, or agent – a critical provision in banking and corporate frauds
• Section 318: Dishonest misappropriation of property – applicable in embezzlement cases
• Section 320–323: Cheating and dishonestly inducing delivery of property – often linked to financial statement fraud
• Section 336: Forgery and use of forged documents – relevant in document tampering and fake invoicing
• Section 344: Falsification of accounts – central to forensic accounting investigations
• Section 111: Organized crime—explicitly includes cyber extortion, phishing, identity theft, and botnet operations.

These provisions provide the legal basis for prosecution and must be referenced in forensic audit reports submitted to investigative agencies or courts.

Sector-Specific and Cross-Disciplinary Laws for Forensic Auditing

Forensic auditing in India is not confined to corporate law or criminal statutes alone. It is a cross-disciplinary practice that intersects with multiple sectors—banking, securities, taxation, insurance, and anti-money laundering—each governed by its own regulatory framework. A forensic auditor must be conversant with these sector-specific laws to effectively investigate, report, and support litigation in cases involving financial irregularities. This section explores the key sectoral statutes that shape the practice of forensic auditing in India:

Income Tax Act, 1961: The Income Tax Act plays a pivotal role in forensic investigations involving tax evasion, undisclosed income, and shell entities. Forensic auditors often assist tax authorities and legal teams in identifying and quantifying unaccounted wealth.
Key Provisions:

• Section 68: Unexplained cash credits—if the assessee fails to explain the nature and source of any sum credited in the books, it is deemed taxable income.
• Section 69: Unexplained investments—investments not recorded in the books and inadequately explained are treated as income.
• Section 69A: Unexplained money, bullion, jewelry—ownership without proper documentation leads to tax liability.
• Section 69B: Investments exceeding recorded amounts—where excess expenditure is deemed income.
• Section 69C: Unexplained expenditure—if the source of spending is not satisfactorily explained, it is taxed.

Prevention of Money Laundering Act (PMLA), 2002: The PMLA is central to forensic investigations involving proceeds of crime. It empowers the Enforcement Directorate (ED) to investigate, attach, and confiscate assets derived from criminal activity.
Key Provisions:

• Section 3: Defines the offense of money laundering as the process of concealing, possessing, acquiring, or using proceeds of crime and presenting them as untainted.
• Section 4: Prescribes punishment—rigorous imprisonment of three to seven years (extendable to 10 years for offenses under Part A of the Schedule) and fines up to five lakhs.
• Section 5: The ED can provisionally attach property suspected to be the proceeds of a crime, pending adjudication.

Prevention of Corruption Act 1988 (Amended 2018): The Prevention of Corruption Act, originally enacted in 1988 and amended in 2018, expands the scope of corruption offenses to include private sector actors and introduces corporate criminal liability. It criminalizes money laundering and requires reporting entities to maintain records and report suspicious transactions to the Financial Intelligence Unit (FIU-IND), thereby aiding in the tracking of illicit funds.
Key Amendments:

• Bribe Giving Criminalized: Individuals and entities offering undue advantage to public servants are now punishable (Section 8).
• Corporate Liability: Commercial organizations can be held liable if individuals associated with them engage in bribery (Section 9).
• Adequate Procedures Defense: Companies can defend themselves by demonstrating that they have adequate anti-bribery controls in place (Section 9).
• Redefined Criminal Misconduct: Now limited to misappropriation and possession of disproportionate assets (Section 13).

Fugitive Economic Offenders Act, 2018: This Act targets individuals who evade prosecution by remaining outside India and empowers authorities to confiscate their assets.
Key Features:

• Fugitive Economic Offender (FEO): Defined as a person against whom an arrest warrant has been issued for a scheduled offense and who refuses to return to India (Section 2).
• Scheduled Offences: Includes fraud, money laundering, tax evasion, and corruption (Section 2).
• Confiscation of Property: Includes both proceeds of crime and other assets, including benami properties (Section 5).
• Bar on Civil Claims: FEOs are prohibited from defending or initiating civil claims in Indian courts (Section 14).
• Administrator Appointment: To manage and dispose of confiscated assets (Section 15).

Banking Regulation Act, 1949 gives the RBI powers to inspect banks (Section 35), issue directions in the public interest (Section 36), penalize false statements fraud (Section 46), and remove top officials (Sections 10B / 10BB). RBI mandates forensic audits in cases of loan frauds exceeding ₹50 crore, non-performing asset manipulation, or wilful default and fund diversion. RBI's Master Directions on Fraud Risk Management, revised in July 2024, mandates early detection, reporting, and governance for banks, cooperative banks, and non-banking financial companies (NBFCs). These include Early Warning Systems (EWS) integrated with core banking solutions and Red Flagged Accounts (RFA) reporting.

The SEBI Act, 1992, under Section 11C, empowers the Securities and Exchange Board of India (SEBI) to initiate investigations into intermediaries, listed entities, and any person associated with securities transactions when there is suspicion of market manipulation, insider trading, fraudulent practices, or accounting irregularities. SEBI can mandate forensic audits to uncover misrepresentation in financial disclosures, diversion of funds, and non-compliance with listing obligations. These audits are conducted by independent forensic firms and often lead to enforcement actions such as freezing of assets, market bans, monetary penalties, or referrals to agencies like the SFIO or ED. SEBI's (Prohibition of Fraudulent and Unfair Trade Practices relating to Securities Market) Regulations, 2003, last amended June 28, 2024, prohibits fraud in securities dealings, manipulative practices, and unfair trade by intermediaries. Recent amendments introduce definitions for "mule accounts" and clarify the acts that constitute fraudulent practices.

Insurance Act, 1938: Under Section 33, the Insurance Regulatory and Development Authority of India (IRDAI) holds the authority to direct investigations into the affairs of insurers, reinsurers, and intermediaries to ensure compliance with regulatory norms and protect policyholder interests. These investigations encompass scrutiny of underwriting practices, claims settlement procedures, solvency margins, and grievance redress mechanisms. The IRDAI's Insurance Fraud Monitoring Framework, issued in 2013, requires insurers to follow due diligence, establish risk management committees, and have board-approved fraud detection policies. It addresses both hard and soft frauds, such as exaggerated claims, to protect policyholders. In recent years, IRDAI has actively investigated cases of mis-selling, claim-denial irregularities, and data privacy breaches, reinforcing its role as a vigilant regulator in the insurance sector.

Information Technology Act, 2000, now complemented by the Bharatiya Nyaya Sanhita (BNS), 2023, and the Bharatiya Sakshya Adhiniyam (BSA), 2023, together modernize the criminal and evidentiary landscape for digital investigations. The IT Act, 2000, remains the principal legislation governing cybercrime, electronic commerce, digital signatures, and data protection in India.

Key Provisions Relevant to Forensic Auditors:

• Section 65: Tampering with computer source documents—criminalizes intentional destruction or alteration of source code.
• Section 66: Hacking—covers unauthorized access and damage to computer systems.
• Section 66B: Dishonest receipt of stolen computer resources or communication devices.
• Section 66C: Identity theft—fraudulent use of digital signatures, passwords, or unique identifiers.
• Section 66D: Cheating by impersonation using computer resources.
• Section 66E: Violation of privacy—publishing private images without consent.
• Section 66F: Cyber terrorism—unauthorized access to protected systems with intent to threaten national security.
• Sections 68–71: Non-compliance with government orders, failure to decrypt data, unauthorized access to protected systems, and misrepresentation.

Auditing Standards

The Institute of Chartered Accountants of India (ICAI) provides a professional framework for conducting forensic audits. While ICAI is not a statutory enforcement agency, its standards are binding on all members and serve as the benchmark for professional conduct and audit quality.

Reports submitted by SFIO or ICAI-certified forensic auditors are admissible as expert evidence under the Bharatiya Sakshya Adhiniyam (BSA), 2023.

The Forensic Accounting and Investigation Standards (FAIS) issued by the ICAI are now mandatory for all forensic engagements conducted by ICAI members from July 1, 2023, onwards. These standards apply to both public and private sector assignments, including those initiated by regulators, law enforcement agencies, courts, and corporate entities. FAIS is designed to be compatible with:

• Companies Act, 2013: especially Sections 143 and 447 on fraud reporting and investigation
• Bharatiya Sakshya Adhiniyam (BSA), 2023: on evidentiary standards and admissibility
• Bharatiya Nyaya Sanhita (BNS), 2023: on substantive offenses such as breach of trust, forgery, and conspiracy
• Information Technology Act, 2000: on digital evidence and cybercrime
• PMLA and SEBI regulations: on financial crime and market misconduct.

The FAIS framework comprises an Implementation Guide on FAIS and a compendium of standards organized into thematic categories that cover the entire lifecycle of a forensic engagement. These include:

• Engagement Planning: including legal mandates, client expectations, scope limitations, jurisdictional issues, preliminary risk assessment, confidentiality agreements, and conflict disclosures.
• Evidence Collection and Analysis: Chain of custody, data analytics software, digital forensics platforms, and document review systems, conducting structured interviews, and red flag identification using behavioural, transactional, and systemic indicators.
• Reporting and Documentation: Clear, concise, and objective, with sections on background, methodology, findings, conclusions, and recommendations, including appendices, exhibits, and digital logs, capable of withstanding scrutiny in court and regulatory proceedings. FAIS also provides guidance on drafting expert witness reports, affidavits, and response documents for rebuttal or cross-examination.

Conclusion: India’s Future Direction and Strategic Imperatives

India's financial fraud regulations, anchored by the Companies Act, 2013, and strengthened by the new criminal laws BNS and BSA 2023, provide a comprehensive framework to combat fraud. Regulatory bodies, such as the RBI, SEBI, and SFIO, alongside professional standards, ensure robust oversight. Organizations must adopt proactive approaches combining vigorous internal controls, advanced technology, and strong governance frameworks. Given the complexity of modern financial fraud regulations, professionals must stay current with evolving regulatory requirements and emerging fraud detection technologies. The success of this effort requires collaboration between regulators, financial institutions, technology providers, and law enforcement agencies to create a broad defence against financial crimes.

Acknowledgements

We would like to thank our colleagues, Rajat Khandelwal and Akshay Rathi, for providing insight and expertise that greatly assisted this research.