Please click here to download the Newsletter as PDF.
The second quarter of 2025 i.e., (April – June 2025) has seen significant enforcement actions and judicial developments. In addition to multiple arrests, raids, and investigations undertaken by the Central Bureau of Investigation (“CBI”), the Securities and Exchange Board of India (“SEBI”), and the Enforcement Directorate (“ED”), this quarter also witnessed some notable legislative developments surrounding cybersecurity and white-collar crimes.
Enforcements landscape
Prevention of Money Laundering Act, 2002
ED attaches substantial assets in real estate fraud across India
In May 2025, the ED provisionally attached properties valued at approximately INR 2,348 crore (Indian Rupees two thousand four hundred forty-eight crore) in connection with a real estate fraud. The case pertains to a Faridabad based company and its associated entities, which collected over INR 3,000 crore (Indian Rupees three thousand crore) from nearly 12,000 (twelve thousand) investors by inducing them with promises of guaranteed returns. However, the funds were allegedly misappropriated by the promoter through shell companies and laundered to overseas entities based in Singapore, reportedly controlled by family members of the promoter and have been identified as proceeds of crime. The investigation was initiated under the Prevention of Money Laundering Act, 2002 (“PMLA”), following registration of over 30 (thirty) First Information Reports (“FIRs”) against the accused, with the promoter of the accused companies being arrested for the same.
ED attaches significant assets in the National Spot Exchange Limited fraud case
In April 2025, the ED froze immovable assets worth around INR 116 crore (Indian Rupees one hundred and sixteen crore) in relation to the National Spot Exchange Limited (“NSEL”) scam. The frozen assets belong to individuals and entities charged with conning investors by luring them to fund non-existent stock with illusory commodity transactions and spurious warehouse receipts. The ED investigation under the PMLA found that the money thus collected was laundered through benami and shell companies and invested in property and benami assets. They also charged the accused of forgery of documents, manipulation of trading information, and fraudulent collection of money from almost 13,000 (thirteen thousand) investors.
Kolkata Digital ‘Arrest Fraud’ case
The ‘Arrest Fraud’ case had been initially discovered through a 2023 FIR wherein the cheats had posed as officials of ED, CBI, and other departments and threatened victims with virtual arrest warrants to extort money. On April 2, 2025, the ED filed its first charge sheet in the case. The investigation discovered that over INR 1,500 crore (Indian Rupees one thousand five hundred crore) of funds were laundered through over 300 (three hundred) mule bank accounts, with funds being rapidly layered through crypto exchanges, shell companies, and foreign handlers. The operation was traced to Dubai, while 350 (three hundred and fifty) SIM cards were activated in Kolkata and physically shipped out of the country for use in the scam. The ED has invoked the PMLA, conducting searches and freezing assets worth INR 10,00,00,000 (Indian Rupees ten crore).
Prevention of Corruption Act, 1988
CBI registers FIR following Lokpal’s orders in bribery case at Container Corporation of India Limited
According to the FIR dated June 12, 2025, there was an illegal excavation and misappropriation of Government land at Container Corporation of India Limited (“CONCOR”) freight terminal situated in Mihan, Nagpur. The actions are reported to have resulted in a loss of around INR 1,62,00,000 (Indian Rupees one crore sixty-two lakh) to the public exchequer. The FIR registered by the CBI identifies a former CONCOR Deputy General Manager (“DGM”) and other persons who are charged with abetting criminal activity. The Lokpal has asked the CBI to carry out a regular investigation under the Prevention of Corruption Act, 1988 (“POCA”) and the provisions of the Indian Penal Code, 1860 (“IPC”) which is still ongoing.
CBI probe against Indian Revenue Service officer in bribery case
On May 31, 2025, CBI initiated investigations against an Indian Revenue Service (“IRS“) officer deployed as Joint Commissioner with the Directorate General of Trade Remedies, New Delhi pursuant to him demanding a bribe of INR 45,00,000 (Indian Rupees forty-five lakh) from a businessman in exchange for favorable official support. The CBI carried out a trap operation on June 1, 2025, wherein a middleman was apprehended red-handed for accepting INR 25,00,000 (Indian Rupees twenty-five lakh) on behalf of the IRS officer. Later, CBI officials conducted major searches at the officer’s house, office, and other connected premises and seized cash, gold, and silver, the value of which indicates likely disproportionate assets. The middleman and the IRS officer were arrested under provisions of the POCA, with the investigation still in progress.
CBI arrests government officials in Income Tax fraud case
On April 25, 2025, the CBI arrested a serving IRS officer and other income tax officials. The accused persons were suspected of leaking the identities of tax assessment officers in violation of law and asking for bribes in return for beneficial assessment results, based on evidence including documents, digital data, and suspected bribe money recovered in preceding searches. This compromises the Government’s Faceless Assessment Scheme, which was introduced in 2020 to ensure anonymity and eliminate physical interface between taxpayers and tax officials in income tax assessments. The CBI has filed a criminal case under the POCA and IPC. The CBI has confirmed that further investigation is underway to identify the full extent of the conspiracy and trace the proceeds of crime.
SEBI (Prohibition of Insider Trading) Regulations, 2015
SEBI action against former India Infoline Finance Limited executive in front-running case
On June 17, 2025, SEBI passed an interim order in a major front-running and market manipulation case involving a former India Infoline Finance Limited market expert. The investigation revealed the individuals bought shares of the chosen companies through a chain of inter-linked trading accounts before making positive investment suggestions through television shows and social media. Once the recommendations were made, stock prices surged, allowing the individuals to sell their holdings at a significant profit, thereby misleading retail investors. SEBI concluded that the action of the noticee and associated persons was in contravention of the SEBI (Prohibition of Insider Trading) Regulations, 2015 and the SEBI Act, 1992. Accordingly, SEBI issued an interim order impounding INR 11,37,00,000 crore (Indian Rupees eleven crore thirty-seven lakh) of illegal gains and banned the noticee and associated others from accessing the securities market until further orders.
Information Technology Act, 2000
Delhi Jal Board Malware Scam
In April 2025, Delhi- National Capital Region, received complaints of a mobile app that was impersonating the government’s official, Delhi Jal Board app. The accused had reportedly spread malware-filled apps that infected the devices of their victims, allowing for unauthorised access to WhatsApp chats, personal documents, and banking details. The CBI subsequently filed a case under provisions of the IPC and the Information Technology Act, 2000, for criminal conspiracy, cheating, unauthorised access, hacking and theft of data. On April 17, 2025, the CBI arrested a principal accused from Patna, for spreading the malware and running the infrastructure from where data was being stolen. Mobile phones, laptops, and storage devices have been taken into custody and are under forensic examination.
Legislative/regulatory developments
Advisories of Indian Computer Emergency Response Team on Essential Measures for Safeguarding Business Operations against Cyber Security Threats
On May 10, 2025, the Indian Computer Emergency Response Team issued 2 (two) advisories on essential measures for safeguarding business operations against cyber security threats, one for industry, and one for Micro, Small, and Medium Enterprises. Both advisories talk about similar points on the matter, with the industry’s list being more detailed and comprehensive due to higher risk of cyber-attacks. The advisories’ suggestions included, but were not limited to, strategies such as strengthening authentication and access control, patch management, web server and infrastructure protection, implementation of robust data protection strategies, zero trust architecture, etc.
The Indian Cybercrime Coordination Centre brought under ambit of PMLA
The Indian Cybercrime Coordination Centre (“I4C”), established by the Ministry of Home Affairs (“MHA”), has been brought under the list of entities as under Section 66 of the PMLA through a gazette notification dated April 25, 2025. This will allow the I4C to share and receive information with the ED to combat the growing number of cases in the intersection of cybercrime-related financial transactions. This is more a supporting role, as it does not give the I4C any prosecuting power under the PMLA.
Introduction of e-Zero FIR system
On May 15, 2025, the MHA introduced the e‑Zero FIR system to streamline the registration of cybercrime complaints, particularly those involving financial fraud. The system enables the lodging of FIRs instantaneously and automatically through the National Cybercrime Reporting Portal (“NCRP“) and 1930 cybercrime helpline, regardless of geographical location of the offence. The e-Zero FIR system is rooted in provisions in the Bharatiya Nagarik Suraksha Sanhita, 2023 (“BNSS“), which legally codifies the idea of Zero FIRs. As a part of its first phase, the system has been implemented in Delhi for fraud complaints over INR 10,00,000 (Indian Rupees ten lakh), with future plans to extend it to other large cities such as Mumbai and Kolkata.
International Financial Services Centres Authority updates the 2022 Guidelines on Anti-Money Laundering, Counter-Terrorist Financing, and Know Your Customer
On June 5, 2025, the International Financial Services Centres Authority issued a circular amending the 2022 Guidelines on Anti-Money Laundering (AML), Counter-Terrorist Financing (CFT), and Know Your Customer (“KYC”). The notable changes include: (a) stricter address proof requirements; (b) Indian residents to comply with the Central KYC Records Registry (CKYCR) norms by providing their KYC identifier and enabling access to online KYC records; (c) updated customer data which must be uploaded to CKYCR within 7 (seven) days, triggering automatic updates across regulated entities; and (d) for foreign nationals, wherein KYC submission to CKYCR remains optional, with identity/address proof permitted from foreign government sources if documents like passport, driving license, or voter ID card are provided.
Extension towards adoption and implementation of cybersecurity and cyber resilience framework for SEBI regulated entities
On June 30, 2025, SEBI issued a circular extending the compliance timeline for implementation of cybersecurity and cyber resilience framework by 2 (two) months, i.e., till August 31, 2025, for all regulated entities, except Market Infrastructure Institutions, KYC Registration Agencies, and Qualified Registrars to an Issue and Share Transfer Agents.
Judicial discourse
Judgments by the Supreme Court of India
- The Hon’ble Supreme Court of India (“Supreme Court”) in Kushal Kumar Agarwal vs. Directorate of Enforcement[1] held that before a cognizance is taken of the offence of money laundering under the PMLA, the accused must be given an opportunity to be heard, a right created by the proviso to Section 223(1) of the BNSS. The Supreme Court relied on its previous ruling in Tarsem Lal vs ED[2] which had held that Sections 200-204 of the Code of Criminal Procedure 1973 (“CrPC”) would apply to the PMLA and proceeded to hold that the corresponding Sections 223-226 of the BNSS are also applicable to the PMLA. This is an important development since the question of applicability of general criminal procedure (under the CrPC or BNSS) to the investigation and trial of the offence of money laundering comes up repeatedly, especially when general criminal procedure is beneficial to the accused.
- In Aman Bhatia vs. State (GNCT of Delhi)[3], the Supreme Court held that licensed stamp vendors who procure State‑issued stamp papers qualify as ‘public servants’ under Section 2(c)(i) of POCA. However, despite affirming this status, the Court set aside Aman Bhatia’s conviction under Sections 7 and 13(1)(d) r/w 13(2) of POCA, concluding that the prosecution failed to prove the essential element of demand for an illegal gratification beyond reasonable doubt; mere recovery of tainted currency was insufficient without evidence of a demand or acceptance.
- In Sarla Gupta and Anr. vs. Directorate of Enforcement[4], the Supreme Court held that an accused under PMLA must be provided not just the documents relied on by the ED but also those not relied upon. The Supreme Court located this in the fair trial rights of an accused under Article 21 of the Constitution of India and permitted the accused to seek disclosure of such documents at the appropriate stage under Section 91 of the CrPC/94 of the BNSS or at the stage of defence evidence under Section 233 of the CrPC/256(b) of the BNSS. The Supreme Court further emphasised that due to the onerous reverse burden of proof placed on the accused by Section 24 of the PMLA, it became even more important to protect the right of accused to call for documents and cross-examine witnesses not brought forth by the prosecution.
- The Supreme Court in Krishna Mohan Reddy vs. State of Andhra Pradesh[5] held that at the time of consideration of bail or anticipatory bail, the statement made by an accused person to the police (under Section 161 of the CrPC) implicating a co-accused cannot be looked at. Only the statement of a witness recorded under Section 161 of the CrPC may be considered at this stage, and even for the said purpose, courts should be cautious whether such witness is actually a witness or may later be arrayed as an accused.
- The Karnataka High Court in Sri D.S. Veeraiah vs. State of Karnataka and Anr.[6] quashed a bribery case where the prosecution had deliberately avoided invoking the POCA initially to bypass Section 17A and subsequently added POCA charges after filing the chargesheet. The bench emphasised that post-facto sanction under Section 19 of the POCA cannot cure the illegality of bypassing Section 17A which requires prior approval for investigation of certain offences under the POCA.
- The Punjab and Haryana High Court in Sachin Ahlawat vs. CBI[7] quashed criminal proceedings, holding that in the absence of valid sanction under section 19 of the POCA for prosecution of an offence under the POCA, an accused cannot be held liable simply by way of invoking the offence of criminal conspiracy under section 120B of the IPC. The decision is relevant since criminal conspiracy is frequently used to implicate persons against whom no substantive offence is alleged, due to the relaxed evidentiary requirements for proving the offence of conspiracy.
International developments
United Kingdom Data (Access and Use) Act, 2025
On June 19, 2025, the United Kingdom Data (Access and Use) Act, 2025 (“UK Data Act”), received Royal Assent – reforming the United Kingdom (“UK”) data protection and digital regulation landscape. The UK Data Act seeks to maximise innovation, economic growth, and efficiency in public services. It updates the UK General Data Protection Regulation (“UK GDPR”) and the Privacy and Electronic Communications Regulations (“PECR”). Significant amendments are tighter Data Subject Access Request (“DSAR”) timelines, broader cookie usage without opt-in (with transparency and opt-out right), and greater PECR fines in line with the GDPR. The UK Data Act substitutes the Information Commissioner for the Information Commission, which is given greater enforcement powers, including issuing legal notices, creating stakeholder panels, and requesting reports from data controllers to provoke compliance.
New Foreign Corrupt Practices Act enforcement guidelines
On June 9, 2025, the US Department of Justice (“DOJ”) issued new guidelines for the enforcement of the Foreign Corrupt Practices Act (“FCPA”) after an Executive Order (“Order”) signed on February 10, 2025, by President Trump. The Order asked the DOJ to put new investigations on hold (except with the approval from the Attorney General), reassess open cases, and create enforcement guidelines that fall in line with 4 (four) priorities. They are namely eradicating bribery associated with Cartels and Transnational Criminal Organisations (“TCOs”), safeguarding US companies’ global competitiveness, furthering national security, and prioritising significant misconduct. The guidance promotes materiality and individual responsibility, discourages reliance on traditional practice, and seeks to prevent corruption without unnecessarily burdensome US business abroad.
World Bank Hosts 2025 Anti-Corruption Forum in Washington D.C
In April 2025, the Partnerships for Anticorruption Global Forum was held in Washington, D.C., hosted by the World Bank’s Anticorruption for Development Program (AC4D) and the International Corruption Hunters Alliance (ICHA). The Forum highlighted the role of partnerships in combating corruption and featured online sessions and panels on key topics, including accountability and the rule of law, beneficial ownership and illicit financial flows, procurement and private partnerships, and the impact of data, technology, and climate change.
This Newsletter has been prepared by:
|
Rupinder Malik |
Kumar Kislay |
Vibhor Jain |
Archit Sehgal |
For more details, please contact [email protected]
[1] 2025 INSC 760 – decided on May 9, 2025
[2] (2024) 7 SCC 61
[3] 2025 INSC 618 – decided on May 2, 2025
[4] 2025 INSC 645 – decided on May 7, 2025
[5] 2025 INSC 725 – decided on May 16, 2025
[6] W.P. No. 31828/2024 – decided on April 29, 2025
[7] CRM-M-17032-2025 – decided on April 23, 2025
