You are the statutory auditor of a mid-sized trading company. During year-end cash testing, you find Rs. 4 crore in cash deposits across 12 branches on consecutive days, totals identical, depositors unrelated to the company. Client explains it as "cash sales from diverse customer base". Your gut says STRUCTURED DEPOSITS. Classic money-laundering pattern. Your duty: Prevention of Money Laundering Act (PMLA) 2002 + CA code of ethics require you to either get a satisfactory explanation or REPORT to Financial Intelligence Unit (FIU). The ethical path is clear, the practical path is not. And telling the client you are reporting is itself a separate offence.
By the end, you will know the auditor's obligations under PMLA, the red flags of structured deposits, the CA Act's confidentiality vs disclosure balance, and the tipping-off offence that complicates communication.
The conflict. Confidentiality vs PMLA disclosure
CA Act Schedule I Part I makes client confidentiality sacrosanct: a CA cannot disclose client information to third parties without client consent, regardless of circumstances, or face professional misconduct charges. PMLA 2002 section 12 makes auditors "reporting entities" required to report suspicious transactions to FIU-IND within 7 days of suspicion formation. When these conflict, PMLA wins. STATUTORY OBLIGATION OVERRIDES CONTRACTUAL CONFIDENTIALITY. The CA Act itself carves out an exception for statutory disclosures.
This is tested across CA ethics papers: a case presents a client transaction, candidates decide whether to stay confidential or report. The correct answer hinges on whether reasonable suspicion exists. A judgment call, but one the auditor must make without waiting for definitive proof.
Red flags of money laundering
STRUCTURED DEPOSITS. Multiple deposits just below the Rs. 10 lakh cash-transaction reporting threshold, often from different parties on consecutive days.
UNUSUAL CASH FLOW relative to business nature. A software services firm with Rs. 10 crore of cash receipts.
TRANSACTIONS WITH SHELL COMPANIES. No operations, identical directors, identical addresses, high turnover.
RAPID IN-AND-OUT TRANSFERS with no business rationale. Funds received, transferred out within days with no corresponding goods or services.
REFUSAL TO PROVIDE KYC of ULTIMATE BENEFICIAL OWNER (UBO). If UBO cannot be identified, the transaction purpose cannot be verified.
Red flags are INDICATORS, not proof. The auditor's duty is to investigate further, request explanations, assess satisfaction of the explanations. If explanations are unsatisfactory and the red flag persists, reporting obligation kicks in. The judgment is: "does a reasonable professional consider this suspicious?"
The tipping-off offence
Telling the client you are reporting = "TIPPING OFF" = up to 2 YEARS IMPRISONMENT + FINE under PMLA section 45. Report silently to FIU via STR (Suspicious Transaction Report). Do not discuss with client beyond the confirmation queries already made (client-facing confirmations about suspicious transactions are permitted as part of audit procedures; any discussion of the reporting decision itself is tipping off).
This creates tension: auditor must continue providing audit services to the client while silently reporting suspicious activity. The ethics papers test this by asking candidates to draft procedures that maintain auditor independence (and reporting duty) while not compromising ongoing audit work. Correct answers involve: documenting suspicions privately, filing STR to FIU directly, continuing audit work normally, avoiding discussion of the STR with the client.
Tipping-off is a separate offence
Telling the client you are reporting = tipping off = up to 2 years imprisonment + fine under PMLA section 45. Report silently to FIU via STR. Do not discuss with client beyond audit-process queries already made.
Tipping-off is a separate offence
Telling client about STR filing = tipping off = PMLA section 45, up to 2 years imprisonment. Report silently, continue audit work normally.
STR vs CTR. Discretionary vs mechanical
STR (Suspicious Transaction Report) = discretionary, based on auditor suspicion. CTR (Cash Transaction Report) = MECHANICAL, triggered by cash aggregation > Rs. 10 lakh, no judgment required. Both flow through FIU-IND portal.
Auditor protection under PMLA
PMLA section 15 protects auditors filing STRs in good faith. Immune from civil / criminal liability for disclosure. This protection is essential; without it, no auditor would file STRs. Good-faith filings are protected even if subsequent investigation reveals no laundering.
Key Takeaways
PMLA 2002 overrides CA confidentiality when suspicion exists.
STR within 7 days of suspicion formation.
Red flags: structured deposits, shell companies, UBO refusal, rapid transfers.
Tipping off the client = 2-year offence under PMLA section 45.
CTR is mechanical on cash > Rs. 10L aggregation. Not judgment-based.
Read Next
Ethics at an auditor level. The CFA curriculum frames ethics differently. Not as professional duty to a regulator but as commitments to the GIPS standards and the CFA Institute Code.
