Please click here to download the Prism as PDF.

The fourth quarter of 2024 has witnessed significant enforcement actions and judicial developments. In addition to multiple arrests, raids, and investigations undertaken by the Central Bureau of Investigation (“CBI”) and the Enforcement Directorate (“ED”), this quarter also witnessed some notable judicial developments surrounding the white collar crimes. The following newsletter sets out the key trends, enforcements, and developments within the white-collar crime and corporate internal investigations landscape for the fourth quarter of 2024 i.e., (October – December 2024).

Enforcements Landscape

ED Charges Indian foreign service officer and spouse in investment fraud case

In November 2024, the ED filed a chargesheet against an Indian foreign service officer, her husband, and his related companies on charges of money laundering with an alleged investment fraud. A total of 33 (thirty-three) First Information Reports (FIR’s) were filed/registered by the Uttar Pradesh police against the accused individuals further to which a prosecution complaint was filed by ED under the Prevention of Money Laundering Act, 2002 (PMLA) on September 2, 2024 and cognisance was taken by a Lucknow-based special court on November 25, 2024. The chargesheet alleged that investors were lured into fraudulent schemes under the garb of high rate of returns. Reportedly, the investors were defrauded to the tune of INR 60,00,00,000 (Indian Rupees sixty crore) and the ED has provisionally attached assets worth INR 9,10,00,000 (Indian Rupees nine crore ten lakh) in connection with the case.

CBI uncovers major bribery scandal at Santacruz Electronic Export Processing Zone

In December 2024, the CBI revealed a significant bribery case involving high-ranking officials of the Santacruz Electronic Export Processing Zone (“SEEPZ”). As per media sources, CBI arrested 7 (seven) public servants, including a joint and a deputy development commissioner, 2 (two) assistant development commissioners, and an authorised officer of SEEPZ-Special Economic Zone, Mumbai, in a bribery case involving allegations of collusive corruption. Further, several searches were conducted at the official and residential premises of the accused across various locations in Mumbai which led to the recovery of documents pertaining to 27 (twenty-seven) immovable properties and 3 (three) luxury vehicles found at the residence of the accused joint development commissioner. Additionally, cash totalling INR 61,50,000 (Indian Rupees sixty-one lakh fifty thousand) was recovered from the premises of the accused, including INR 47,00,000 (Indian Rupees forty-seven lakh) from the residence of one assistant development commissioner.

ED arrests Chinese nationals behind exploitative digital loan scam

In November 2024, the ED arrested 2 (two) Chinese nationals in connection with a money laundering case (registered under PMLA) related to digital loan applications operating across India. The detained individuals were accused of operating illegal digital loan applications to scam individuals during the covid-19 pandemic. The case centred around several Chinese-run digital lending applications offering short-term loans at exorbitant interest rates. These applications charged massive upfront processing fees, sometimes as high as 30 per cent and exploited the borrowers through threats and defamatory tactics. Further, as per media sources and investigations it was reported that transactions worth INR 3,54,00,000 (Indian Rupees three crore fifty-four lakh) in bitcoin had been transferred and were later converted into Indian currencies to fund loan disbursements.

Cybercrimes in India

ED seizes assets in ‘Bit connect Crypto’ scam

In October 2024, the ED, attached immovable properties (as proceeds of crime) having market value worth INR 47,70,00,000 (Indian Rupees forty-seven crore seventy lakh) in connection with the Bit connect cryptocurrency fraud under the provisions of PMLA. The ED initiated investigation on the basis of FIRs registered by the Crime Investigation Department (CID). Reportedly, as per the investigation done so far, promoters of the BitConnect coin (a cryptocurrency), and his associates established a worldwide network, induced public to invest in various investment schemes and cheated the investors. Previously, ED had attached assets to the tune of INR 488,00,00,000 (Indian Rupees four hundred and eighty-eight crore) (approx.) and arrested promoters accomplice on August 13, 2024.

CBI unveils widespread fraud in ‘Dibrugarh Investment Scam’.

In November 2024, the CBI submitted a chargesheet against the accused individuals in the ‘Dibrugarh Investment Scam’ which was being investigated at the request of the State Government. The accused individuals used deceptive means, to lure investors with the promise of guaranteed 30% returns who were subsequently cheated/defrauded and their funds were misappropriated for personal gains. The accused used an online platform www.tradingfx.live to defraud the investors. M/s TradingFX, is an online firm involved in the Dibrugarh Investment Scam, which is part of a broader financial crime in Assam. As per media sources, the program deceived investors of INR 260,00,00,000 (Indian Rupees two hundred and sixty crore) and defrauded over 1,50,000 (one lakh fifty thousand) investors. Further, a thorough investigation was concluded within 90 (ninety) days by CBI which revealed evidence of extensive misappropriation and led to the seizure of mobile phones, desktops, hard drives, and laptops containing details of depositors who were deceived into investing in these unregulated deposit schemes.

Legislative / Regulatory Developments

CERT-In Advisory on Deepfake technology

On November 27, 2024, CERT-In issued an advisory note on ‘Deepfake – Threats and Countermeasure’ as deepfake technology, which uses Artificial Intelligence (“AI”) to create highly realistic and convincing fake videos, images, and audio, poses significant risks, including disinformation, fraud, and social engineering attack. The advisory offers practical measures to detect and prevent deepfake scams, including verifying sources, looking for distinctive signs of manipulation, and using multi-factor authentication. The organisations are advised to take following measures such as use of watermark, implementation of the verification protocols for digital communications, use of advance detection tools for identification of the deepfake videos/images/content, digital forensic capabilities, develop a crisis management strategy, and conduct regular security audits.

Insurance Regulatory and Development Authority of India press release on information security

The Insurance Regulatory and Development Authority of India (“IRDAI”) has issued a press release addressing recent data breaches reported by (two) insurers. The IRDAI emphasises the importance of data security and outlines the steps being taken to protect policyholders’ data and interests. It is recommended to implement robust Information Technology (“IT”) and cyber security frameworks and appoint the independent auditor for comprehensive IT audits. The Indian insurers are also recommended to address the Agent performance Indicator (API) vulnerabilities, gap assessments, and ‘Vulnerability Assessment and Penetration Testing’ (VAPT) issues to strengthen the data protection measures.

India Strengthens cybersecurity with advanced forensic labs and nationwide initiatives

In 2024, the Ministry of Home Affairs intensified its fight against cybercrime through the Indian Cyber Crime Coordination Centre (I4C) and the National Cyber Crime Reporting Portal. Key achievements include safeguarding public funds through the Citizen Financial Cyber Fraud Reporting System, blocking fraudulent SIM cards and IMEIs linked to cyber fraud, and launching advanced forensic laboratories in New Delhi and Hyderabad, aiding thousands of investigations. Over 1,00,000 (one lakh) officials have been trained in cyber hygiene, supported by extensive awareness campaigns via SMS, social media, and public outreach.

Under the Cyber Crime Prevention for Women and Children (CCPWC) initiative, significant investments have enhanced cyber forensic labs and the training of law enforcement agencies across India’s states and union territories.

Judicial Discourse

The Supreme Court of India (“Supreme Court”) in 2 (two) separate cases applied beneficial provisions of the Bharatiya Nagarik Suraksha Sanhita, 2023 (“BNSS”) or the Code of Criminal Procedure, 1973 (“CrPC”) to the PMLA. In Badshah Majid Malik vs. Directorate of Enforcement and Ors,[1] the court applied Section 479(1) of the BNSS and granted bail to an accused who had spent more than one-third of the maximum imprisonment for the offence of money laundering. In Directorate of Enforcement vs. Bibhu Prasad Acharya,[2] the Supreme Court held Section 197(1) of the CrPC applicable to the PMLA, which relates to grant of prior sanction while prosecuting public servants. Because of non-compliance with Section 197(1), a cognisance order passed under the PMLA was quashed.
The Supreme Court in Asha Dubey vs. The State of Madhya Pradesh[3] held that if an accused is declared a proclaimed offender under Section 82 of the CrPC, the same would not automatically disentitle such accused from seeking anticipatory bail, if otherwise grounds for bail are made out.
In R. Ajayan vs. The State of Kerala,[4] the Supreme Court reiterated that a third party can maintain a challenge to quashing of criminal proceedings against an accused, if such third party has a bona fide connection with the matter. The judgment reinforced the loose nature of locus standi with respect to criminal proceedings.
The Supreme Court in Director, Enforcement Directorate vs. Vilelie Khamo.[5] held that discharge in a predicate offence would not entitle a person to challenge summons issued to such person under Section 50 of the PMLA, since the same is in early stages in the PMLA proceedings. The Supreme Court left open the legal question of whether subsequent to such summons, such person could be arrayed as an accused under PMLA.
The Jharkhand High Court (“Jharkhand HC”) in Irshad vs. State of Jharkhand[6] sentenced police officers to imprisonment for violation of the Supreme Court’s judgment in Arnesh Kumar State of Bihar[7] which laid down the guidelines and procedure for arrest in offences punishable by less than 7 (seven) years’ imprisonment. The Jharkhand HC held that ‘pre-printed check lists’ listing the reasons for arrest in the affirmative are not in compliance with Section 41(1)(b) of the CrPC. The Jharkhand HC further directed compensation to be paid to the victims, who were delivery agents of an e-commerce company accused of committing fraud by asking for ‘one-time passwords’ (OTPs) for deliveries.
The Punjab & Haryana High Court in MGF Developments Ltd. vs. Enforcement Directorate[8] held that a writ petition against a provisional attachment order (PAO) passed under Section 5 of the PMLA would not ordinarily be maintainable before the elapsing of the statutory period of 30 (thirty) days within which the ED is required to file a complaint before the Adjudicating Authority (“AA”), the AA being the alternative remedy provided within the PMLA.
The Madras High Court in Sterling Futures & Holidays Ltd. vs. Enforcement Directorate[9] held that even properties purchased prior to the scheduled offence may be attached under Section 5 of the PMLA if the criminal activity relating to the scheduled offence takes place outside the country. It was not necessary for the attached properties to be purchased from the proceeds of the crime, as long as the attached properties were equivalent in value.

International Developments

European Union Cyber Resilience Act: A landmark in digital security

In 2024, the European Union (“EU”) introduced the Cyber Resilience Act (“CRA”), a groundbreaking regulation aimed at bolstering the cybersecurity of digital devices. The new law introduces cybersecurity requirements for products with digital elements with a view to ensuring that products, such as connected home cameras, fridges, TVs, and toys, are safe before they are placed on the market.

As per the official media sources, the EU CRA was adopted by the Council of the EU on October 10, 2024. Following this adoption, the legislative act will be signed by the presidents of the Council and of the European Parliament and thereafter be published in the EU’s official journal. The new regulation will enter into force 20 (twenty) days after this publication and will apply 36 (thirty-six) months after its entry into force with some provisions to apply at an earlier stage.

Securities and Exchange Commission charges US based Moog Inc. with violations under the Foreign Corrupt Practices Act for subsidiary’s role in India

In October, 2024 the Securities and Exchange Commission (“SEC”) today announced that Moog Inc., a New York-based global manufacturer of motion controls systems for aerospace, defence, industrial and medical markets, agreed to pay a civil penalty of USD 1,100,000 (US Dollars one million one hundred thousand) to resolve the SEC’s charges that it violated the recordkeeping and internal accounting controls provisions of Foreign Corrupt Practices Act arising out of bribes paid (through third parties) by its wholly owned Indian subsidiary ‘Moog Motion Controls Private Limited’ to Indian officials to win business.

This Newsletter has been prepared by: