1. The functioning of the Enforcement Directorate
What are the powers of the ED under the Prevention of Money Laundering Act?
The PMLA was brought in to prevent parking of money outside India and to trace out the layering and the trail of money. The ED got its power to investigate these crimes under Sections 48 and 49 of the Act.
Whenever any offence is registered by a local police station, which has generated proceeds of crime over and above ₹1 crore, the ED steps in. The ED can also carry out search (property) and seizure (money/documents) if it suspects money has been laundered.
Since the PMLA was enacted only in 2005, any ill-gotten property acquired before the year 2005 has no case under PMLA.
The story so far: The Enforcement Directorate (ED) is in the news now and often. It goes back to May 1, 1956, when an ‘Enforcement Unit’ was formed in the Department of Economic Affairs, for handling Exchange Control Laws violations under the Foreign Exchange Regulation Act (FERA). The ED today is a multi-dimensional organisation investigating economic offences under the Prevention of Money Laundering Act (PMLA), Fugitive Economic Offenders Act, Foreign Exchange Management Act and FERA.
From where does the ED get its powers?
When proceeds of crime (property/money) are generated, the best way to save that money is by parking it somewhere, so one is not answerable to anyone in the country. Therefore, there was a need to control and prevent the laundering of money. The PMLA was brought in for this exact reason in 2002, but was enacted only in 2005. The objective was to prevent parking of the money outside India and to trace out the layering and the trail of money. So as per the Act, the ED got its power to investigate under Sections 48 (authorities under the Act) and 49 (appointment and powers of authorities and other officers).
If money has been laundered abroad, the PMLA court (constituted as per the Act) has the right to send a letter rogatory under Section 105 (reciprocal arrangements regarding processes) of the Code of Criminal Procedure. The said government can then share the documents and evidence needed by the agency. The preventive part is to create a deterrent and fear in the minds of people.
At what stage does the ED step in when a crime is committed?
Whenever any offence is registered by a local police station, which has generated proceeds of crime over and above ₹1 crore, the investigating police officer forwards the details to the ED. Alternatively, if the offence comes to the knowledge of the Central agency, it can then call for the First Information Report (FIR) or the chargesheet if it has been filed directly by police officials. This will be done to find out if any laundering has taken place.
What differentiates the probe between the local police and officers of the ED?
Consider the following scenario: If a theft has been committed in a nationalised bank, the local police station will first investigate the crime. If it is learnt that the founder of the bank took all the money and kept it in his house, without spending or using it, then the crime is only theft and the ED won’t interfere because the amount has already been seized. But if the amount which has been stolen is used after four years to purchase some properties, then the ill-gotten money is brought back into the market; or if the money is given to someone else to buy properties in different parts of the country, then there is ‘laundering’ of money and the ED will need to step in and look into the layering and attachment of properties to recover the money.
If jewellery costing ₹1 crore is stolen, police officers will investigate the theft. The ED, however, will attach assets of the accused to recover the amount of ₹1 crore.
What are the other roles and functions of the ED?
The ED carries out search (property) and seizure (money/documents) after it has decided that the money has been laundered, under Section 16 (power of survey) and Section 17 (search and seizure) of the PMLA. On the basis of that, the authorities will decide if arrest is needed as per Section 19 (power of arrest).
Under Section 50 (powers of authorities regarding summons, production of documents and to give evidence, etc.), the ED can also directly carry out search and seizure without calling the person for questioning. It is not necessary to summon the person first and then start with the search and seizure.
If the person is arrested, the ED gets 60 days to file the prosecution complaint (chargesheet) as the punishment under PMLA doesn’t go beyond seven years. If no one is arrested and only the property is attached, then the prosecution complaint along with attachment order is to be submitted before the adjudicating authority within 60 days.
The PMLA being relatively new, can the ED investigate cases of money laundering retrospectively?
If an ill-gotten property is acquired before the year 2005 (when the law was brought in) and disposed of, then there is no case under PMLA. But if proceeds of the crime were possessed before 2005, kept in cold storage, and used after 2005 by buying properties, the colour of the money is still black and the person is liable to be prosecuted under PMLA.
Under Section 3 (offence of money laundering) a person shall be guilty of the offence of money-laundering, if such person is found to have directly or indirectly attempted to indulge or knowingly assist a party involved in one or more of the following activities — concealment; possession; acquisition; use; or projecting as untainted property; or claiming as untainted property in any manner.
2. The status of India’s National Cyber Security Strategy
What are the key recommendations of the Data Security Council of India with respect to framing a robust and holistic cyber security policy?
The Data Security Council of India (DSCI) has prepared a 22-page report focussing on 21 areas to ensure a safe and vibrant cyberspace for India. Some of the focus areas are large scale digitisation of public services, State-level cyber security etc.
The report recommends a national framework which should be set in collaboration with institutions like the National Skill Development Corporation (NSDC) and ISEA (Information Security Education and Awareness) to provide global professional certifications in security. The DSCI further recommends creating a ‘cyber security services’.
One in four Indian organisations suffered a ransomware attack in 2021, which is higher than the global average of 21%.
The story so far: Amid a surge in cyberattacks on India’s networks, the Centre is yet to implement the National Cyber Security Strategy which has been in the works since 2020.
Why does India need a cybersecurity strategy?
As per American cybersecurity firm Palo Alto Networks’ 2021 report, Maharashtra was the most targeted State in India — facing 42% of all ransomware attacks. The report stated that India is among the more economically profitable regions for hacker groups and hence these hackers ask Indian firms to pay a ransom, usually using cryptocurrencies, in order to regain access to the data. One in four Indian organisations suffered a ransomware attack in 2021. Indian organisations witnessed a 218% increase in ransomware — higher than the global average of 21%.
Software and services (26%), capital goods (14%) and the public sector (9%) were among the most targeted sectors. Increase in such attacks has brought to light the urgent need for strengthening India’s cybersecurity.
What is the National Cyber Security Strategy?
Conceptualised by the Data Security Council of India (DSCI), the 22-page report focuses on 21 areas to ensure a safe, secure, trusted, resilient, and vibrant cyberspace for India.
The main sectors of focus of the report are:
Large scale digitisation of public services: There needs to be a focus on security in the early stages of design in all digitisation initiatives and for developing institutional capability for assessment, evaluation, certification, and rating of core devices.
Supply chain security: There should be robust monitoring and mapping of the supply chain of the Integrated circuits (ICT) and electronics products. Product testing and certification needs to be scaled up, and the country’s semiconductor design capabilities must be leveraged globally.
Critical information infrastructure protection: The supervisory control and data acquisition (SCADA) security should be integrated with enterprise security. A repository of vulnerabilities should also be maintained.
Digital payments: There should be mapping and modelling of devices and platform deployed, transacting entities, payment flows, interfaces and data exchange as well as threat research and sharing of threat intelligence.
State-level cyber security: State-level cybersecurity policies and guidelines for security architecture, operations, and governance need to be developed.
What steps does the report suggest?
To implement cybersecurity in the above-listed focus areas, the report lists the following recommendations:
Budgetary provisions: A minimum allocation of 0.25% of the annual budget, which can be raised up to 1%, has been recommended to be set aside for cyber security. In terms of separate ministries and agencies, 15-20% of the IT/technology expenditure should be earmarked for cybersecurity. The report also suggests setting up a Fund of Funds for cybersecurity and providing Central funding to States to build capabilities in the same field.
Research, innovation, skill-building and technology development: The report suggests investing in modernisation and digitisation of ICTs, setting up a short and long term agenda for cyber security via outcome-based programs and providing investments in deep-tech cyber security innovation.
Furthermore, a national framework should be devised in collaboration with institutions like the National Skill Development Corporation (NSDC) and ISEA (Information Security Education and Awareness) to provide global professional certifications in security. The DSCI further recommends creating a ‘cyber security services’ with cadre chosen from the Indian Engineering Services.
Crisis management: For adequate preparation to handle crises, the DSCI recommends holding cybersecurity drills which include real-life scenarios with their ramifications. In critical sectors, simulation exercises for cross-border scenarios must be held on an inter-country basis.
Cyber insurance: Cyber insurance, being a yet-to-be-researched field, must have an actuarial science to address cybersecurity risks in business and technology scenarios as well as calculate threat exposures. The DSCI recommends developing cyber insurance products for critical information infrastructure and quantifying the risks involving them.
Cyber diplomacy: Cyber diplomacy plays a huge role in shaping India’s global relations. To further better diplomacy, the government should promote brand India as a responsible player in cyber security and also create ‘cyber envoys’ for the key countries/regions.
Cybercrime investigation: With the increase in cybercrime across the world, the report recommends unburdening the judicial system by creating laws to resolve spamming and fake news. It also suggests charting a five-year roadmap factoring in possible technology transformation, setting up exclusive courts to deal with cybercrimes and removing the backlog of cybercrimes by increasing centres providing opinion related to digital evidence under Section 79A of the IT Act.
Moreover, the DSCI suggests advanced forensic training for agencies to keep up in the age of AI/ML, blockchain, IoT, cloud and automation. Law enforcement and other agencies should partner with their counterparts abroad to seek information from service providers overseas.
What is the progress in its implementation?
In the recent Budget session of Parliament, several MPs questioned the Ministry of Electronics & Information Technology (MeitY) on when the Centre plans to introduce the policy.
In response, the Centre clarified that it has “formulated a draft National Cyber Security Strategy 2021 which holistically looks at addressing the issues of security of national cyberspace.” Without mentioning a deadline for its implementation, the Centre added that it had no plans as of yet “to coordinate with other countries to develop a global legal framework on cyber terrorism.”