India’s participation in the global automatic exchange of financial account information (AEOI) means that if you hold a bank account, mutual fund, insurance policy, or investment account in India while being a tax resident of another country, the Indian financial institution maintaining your account is required by law to report your account details to the Indian Income Tax Department-which then shares this information with your home country’s tax authority.
This two-way information highway operates through two parallel frameworks: FATCA (the Foreign Account Tax Compliance Act, implemented through the India-USA Intergovernmental Agreement signed on 9 July 2015) and CRS (the Common Reporting Standard, adopted by the OECD in 2014 and implemented by India for 100+ participating jurisdictions). From 2026, a third layer-CRS 2.0-extends the framework to crypto-assets, electronic money products, and central bank digital currencies.
Under the Draft Income Tax Rules, 2026, the FATCA/CRS framework is codified in Rules 238-240 (carrying forward old Rules 114F-114H), while the CRS 2.0 crypto/digital asset framework is introduced through entirely new Rules 241-244 under Section 509 of the IT Act, 2025. This guide covers who must report, what accounts are reportable, the due diligence procedures, the new crypto reporting obligations, and the penalty framework. For NRIs and global Indians managing income tax return filing (https://www.patronaccounting.com/income-tax-return) in India, understanding FATCA/CRS is critical-your account data is being shared internationally regardless of whether you file.
Rules 238-244: Complete Mapping
| New Rule | Old Rule | Subject | Governing Section | Status |
|---|---|---|---|---|
| 238 | 114F | Definitions (RFI, reportable account, reportable person, financial account, etc.) | Section 285BA | Carried forward |
| 239 | 114G | Information to be maintained and reported in Form 61B | Section 285BA | Carried forward |
| 240 | 114H | Due diligence requirements (preexisting/new accounts, individual/entity, low/high value) | Section 285BA | Carried forward |
| 241 | New | Definitions for CRS 2.0 (crypto-assets, e-money, CBDC, relevant crypto-asset service provider) | Section 509 | NEW |
| 242 | New | Obligation for reporting under Section 509 (who must report, what to report) | Section 509 | NEW |
| 243 | New | Reporting requirements under Section 509 (Form 167, annual filing, data elements) | Section 509 | NEW |
| 244 | New | Due diligence procedures under Section 509 (self-certification, TIN validation, change-in-circumstances) | Section 509 | NEW |
Who is a Reporting Financial Institution (Rule 238)?
Rule 238 (formerly Rule 114F) defines the entities that bear the reporting obligation:
- Depository institutions: Banks (including cooperative banks and branches of foreign banks in India) that accept deposits in the ordinary course of banking.
- Custodial institutions: Entities that hold, as a substantial portion of their business, financial assets for the account of others (e.g., custodian banks, securities depositories like NSDL/CDSL).
- Investment entities: Entities that primarily conduct the business of trading in money market instruments, foreign exchange, securities, commodity futures; individual and collective portfolio management; or investing, administering, or managing financial assets or money on behalf of others (e.g., mutual fund houses, PMS providers, AIFs).
- Specified insurance companies: Companies that issue or are obligated to make payments with respect to a cash value insurance contract or an annuity contract.
Certain entities are excluded: government entities, international organisations, central banks, broad participation retirement funds, narrow participation retirement funds, and certain pension funds. For entities using tax audit services (https://www.patronaccounting.com/tax-audit), determining RFI status is the critical first step-if you qualify as an RFI, the entire due diligence and reporting framework applies.
What is a Reportable Account?
A reportable account is any financial account maintained by an RFI that is identified, through the prescribed due diligence procedures, as being held by:
- A reportable person: A person who is a tax resident of a reportable jurisdiction (for CRS: any participating jurisdiction other than India; for FATCA: a US person including US citizens, green card holders, and US tax residents).
- A passive Non-Financial Entity (NFE) with one or more controlling persons who are reportable persons: Even if the entity itself is not a reportable person, if its controlling persons (typically 25%+ beneficial owners) are tax residents of reportable jurisdictions, the account is reportable.
Financial accounts include: depository accounts (savings, current, FD), custodial accounts (holding financial assets like shares, bonds, MF units), equity and debt interests in investment entities, and cash value insurance/annuity contracts.
Due Diligence Procedures (Rule 240)
Rule 240 (formerly Rule 114H) prescribes differentiated due diligence based on account type:
Preexisting Individual Accounts (opened before 1 July 2014)
- Lower-value accounts (< USD 1 million): RFIs may rely on residence address in their records. If the address is in a reportable jurisdiction, the account is reportable. Electronic record search for indicia (foreign address, telephone number, standing instructions to transfer funds abroad) is required.
- High-value accounts (≥ USD 1 million): Enhanced review required. In addition to electronic search, the relationship manager must be queried for actual knowledge. Paper records must be reviewed if electronic records are insufficient. If any indicia are found, the account is treated as reportable unless a self-certification or documentary evidence establishes non-reportable status.
New Individual Accounts (opened on or after 1 July 2014)
For all new individual accounts, the RFI must obtain a self-certification from the account holder at the time of account opening, confirming their tax residency and providing their Tax Identification Number (TIN). The reasonableness of the self-certification must be validated against documentation collected under KYC/AML procedures.
Preexisting Entity Accounts
- Accounts ≤ USD 250,000: Not required to be reviewed unless the RFI elects to do so.
- Accounts > USD 250,000: Must be reviewed. The RFI must determine whether the entity is a reportable person, an active NFE, or a passive NFE. For passive NFEs, the controlling persons must be identified and their tax residency determined.
New Entity Accounts
All new entity accounts must be reviewed. Self-certification is mandatory. The entity must confirm its status (active NFE, passive NFE, RFI, etc.) and provide details of controlling persons if it is a passive NFE. For companies registered through company registration (https://www.patronaccounting.com/private-limited-company-registration), the self-certification process during account opening now includes FATCA/CRS declarations-failure to provide a valid self-certification may result in the account being treated as a US/reportable account by default.
CRS 2.0: New Rules 241-244 - Crypto, E-Money & CBDC Reporting
This is the most significant change in the 2026 framework. Rules 241-244 are entirely new provisions that do not exist in the current rules. They implement the OECD’s Crypto-Asset Reporting Framework (CARF) and updated CRS 2.0 standards under Section 509 of the IT Act, 2025.
Rule 241: Definitions
Introduces definitions for: crypto-assets (including stablecoins and NFTs with payment/investment functions), electronic money products (prepaid cards, digital wallets), central bank digital currencies (CBDCs like the e-Rupee), and relevant crypto-asset service providers (CASPs-exchanges, custodians, brokers facilitating crypto transactions for Indian and non-resident users).
Rule 242: Reporting Obligation
CASPs, e-money product issuers, and entities dealing in CBDCs must report transactions involving non-resident users/customers. The obligation extends to identifying whether the user is a tax resident of a reportable jurisdiction and reporting the aggregate value of transactions during the calendar year.
Rule 243: Reporting Requirements (Form 167)
CASPs must file Form 167 annually, reporting: user identification details (name, address, TIN, date of birth), the type and value of crypto-assets/e-money/CBDC transacted, aggregate transaction values (purchases, sales, exchanges), and the jurisdiction of tax residency. The form is filed electronically with DSC.
Rule 244: Due Diligence Procedures
CASPs must: collect self-certifications from users at onboarding confirming tax residency and TIN, validate TINs against prescribed formats, apply change-in-circumstances monitoring (if a user relocates to a different jurisdiction, re-certification is required), and maintain records of all due diligence steps for a prescribed period. The due diligence standards are aligned with FATF anti-money laundering recommendations.
For entities providing professional accounting services (https://www.patronaccounting.com/accounting-services) to crypto exchanges and fintech platforms, the CRS 2.0 compliance requirement under Rules 241-244 represents a substantial new advisory opportunity.
FATCA vs CRS: Key Differences
| Parameter | FATCA (India-USA IGA) | CRS (OECD Standard) |
|---|---|---|
| Legal basis | India-USA IGA signed 9 July 2015; Section 285BA + Rules 238-240 | OECD CRS adopted 2014; Section 285BA + Rules 238-240; CRS 2.0 under Section 509 + Rules 241-244 |
| Scope | US persons only (citizens, green card holders, US tax residents) | Tax residents of 100+ participating jurisdictions (not India) |
| Reporting form | Form 61B | Form 61B (CRS 1.0); Form 167 (CRS 2.0 crypto/e-money) |
| Reporting to | Indian IT Department → IRS (via competent authority exchange) | Indian IT Department → respective foreign tax authority |
| Due diligence | Indicia-based (US address, phone, standing instructions); self-certification for new accounts | Same indicia-based approach; self-certification mandatory for all new accounts; TIN validation under CRS 2.0 |
| Threshold for entities | USD 250,000 for preexisting entity accounts | USD 250,000 for preexisting entity accounts (same) |
| High-value individual | USD 1 million (enhanced review) | USD 1 million (enhanced review, same) |
| Crypto/digital assets | Not covered under FATCA 1.0 | Covered under CRS 2.0 (Rules 241-244), effective 1 Jan 2026 |
| Withholding penalty | 30% withholding on US-source income for non-compliant FFIs | No withholding; domestic penalties (Rs 500-1,000/day; Rs 50,000 inaccuracy) |
Penalty Framework
| Default | Penalty |
|---|---|
| Late filing of Form 61B (after 31 May) | Rs 500/day during which the failure continues (Section 271FA) |
| Failure to file after 30-day notice from IT authority | Rs 1,000/day from the day after the notice deadline |
| Filing inaccurate information in Form 61B | Rs 50,000 per statement (Section 271FAA) |
| Inaccuracy due to false/inaccurate info by account holder | Rs 5,000 additional on the RFI (recoverable from account holder) |
| Non-compliance with due diligence (Section 285BA(7)) | Rs 50,000 penalty + potential loss of FATCA-compliant status (triggering 30% US withholding) |
| Failure to file Form 167 (CRS 2.0 crypto reporting) | Same penalty structure as Form 61B (Rs 500/1,000 per day) |
Common Mistakes to Avoid
Mistake 1: Not identifying all account holders’ tax residency. The most common compliance failure is not asking the right questions at account opening. Every new account must have a self-certification confirming tax residency and TIN. Relying solely on KYC nationality without checking tax residency leads to under-reporting.
Mistake 2: Ignoring passive NFEs and their controlling persons. An entity account may not itself be a reportable account, but if it is a passive NFE (no active income), the controlling persons (beneficial owners with 25%+ stake) must be identified. If any controlling person is a tax resident of a reportable jurisdiction, the account is reportable.
Mistake 3: Not performing enhanced review for high-value accounts. Accounts exceeding USD 1 million require enhanced due diligence including relationship manager inquiry and paper record review. Treating all accounts with the same low-value procedure is a due diligence failure.
Mistake 4: Missing change-in-circumstances triggers. If an account holder relocates to a reportable jurisdiction (new address, phone number, or transfer instructions), the RFI must re-validate the self-certification within 90 days. Failing to detect changes means the account may no longer be correctly classified.
Mistake 5: Not preparing for CRS 2.0 crypto obligations. From 1 January 2026, crypto-asset service providers must comply with Rules 241-244. This includes collecting self-certifications from all users, validating TINs, and filing Form 167 annually. Many crypto platforms are not yet ready for this compliance layer.
Key Takeaways
The FATCA/CRS reporting framework under Rules 238-240 (old Rules 114F-114H) requires Reporting Financial Institutions to identify reportable accounts through prescribed due diligence procedures and report them in Form 61B by 31 May annually. The due diligence is differentiated by account type (preexisting vs new, individual vs entity, low-value vs high-value) and requires self-certification, indicia search, and enhanced review for high-value accounts.
Rules 241-244 are entirely new provisions under Section 509 of the IT Act, 2025, implementing CRS 2.0 for crypto-assets, electronic money products, and CBDCs. Crypto-asset service providers must file Form 167 annually, collect self-certifications, validate TINs, and monitor change-in-circumstances-the same due diligence discipline that banks have followed since 2015 now applies to crypto platforms.
The penalty framework is steep: Rs 500-1,000/day for late filing, Rs 50,000 for inaccuracy, and potential loss of FATCA-compliant status (triggering 30% US withholding on US-source income). For reporting entities, compliance is not a one-time filing exercise-it is an ongoing operational discipline embedded in account opening, monitoring, and annual reporting.
Need Help with FATCA/CRS Compliance?
FATCA/CRS compliance requires ongoing due diligence, accurate self-certification collection, entity classification, controlling person identification, TIN validation, and annual Form 61B filing-all within a framework that carries Rs 500-1,000/day penalties for delay and Rs 50,000 for inaccuracy. With CRS 2.0 extending to crypto and digital assets under Rules 241-244, the compliance landscape has expanded significantly.
Explore our income tax compliance services (https://www.patronaccounting.com/income-tax-return) for FATCA/CRS advisory, RFI classification, due diligence implementation, Form 61B filing, and CRS 2.0 readiness assessment.
For queries, reach out at +91 945 945 6700 or WhatsApp us directly.
