Client KYC Checklist for GST Professionals: How to Avoid GST Fraud & 122(3A) Exposure
I. Why client KYC now decides your 122(3A) risk
Section 122(3A) of the CGST Act now exposes “any person” to penalty where they are seen to have facilitated or benefited from specified GST frauds, including fake registration and bogus ITC. In practice, this has meant that GST consultants and accountants can be dragged into proceedings merely because they handled registrations, filings or reconciliations for an entity later found to be non‑genuine. At the same time, large scams involving Aadhaar/PAN misuse, benami firms and fake invoices have shown how easily stolen identities or weak KYC can be used to set up paper entities. In this environment, a structured client‑onboarding and verification checklist is no longer optional—it is your first line of defence to show absence of intent, connivance or benefit if a 122(3A) notice is ever issued.
II. Core principles behind a GST client‑KYC checklist
A robust KYC framework for GST work should achieve three things:
- Confirm that the person approaching you is the real controller of the business and not a front using stolen credentials.
- Create a documented trail that you took reasonable steps to verify identity, registration status and basic compliance behaviour.
- Clearly allocate responsibility for factual correctness and commercial decisions to the client, while you assume responsibility for correct application of law and procedure.
With these principles, even if a client is later found to have engaged in fraud, you can demonstrate that you neither designed the scheme nor ignored obvious red flags.
III. Practical checklist for verifying GST clients (for your practice use)
You can present and use the following as a one‑page internal checklist.
A. Identity and control verification
- Obtain and retain self‑attested copies of PAN, Aadhaar (or equivalent ID) of proprietors/partners/directors, along with recent photographs.
- Match personal KYC data with GST registration data: legal name, trade name, date of registration and principal place of business on the GST portal.
- Verify that mobile number and email linked to the GSTIN are controlled by the client, not by any intermediary; insist that OTPs for registration and filing go to the client’s own contact points.
- Where promoters are geographically distant from the declared place of business without clear business rationale, record this as a risk factor and seek additional comfort (board resolution, PoA, local manager details).
B. GSTIN status and compliance behaviour
- Verify GSTIN on the official search facility and keep a screenshot or printout showing status (active/suspended/cancelled), registration type and date.
- Review filing history for the last 12–24 months, noting non‑filing periods, frequent late filings or sudden spikes in turnover or ITC; document your observations in a short KYC note.
- For new entities, check whether linked PANs already have multiple registrations in different states or sectors; multiple short‑lived entities with common promoters are a known red flag in fake ITC cases.
- For high‑value or high‑risk sectors (scrap, metals, trading of high‑value goods, etc.), insist on additional documentation such as key supply contracts, major customer/vendor lists and basic banking details.
C. Business reality and place of business
- Obtain basic business profile: nature of supplies, main customers and vendors, approximate monthly turnover, number of employees and storage locations; retain this as part of your KYC file.
- Visit the principal place of business at least once for high‑risk or unknown promoters, or insist on video walkthrough and geo‑tagged photos where physical visit is not feasible; record date, mode and findings.
- Cross‑check address on invoices, KYC documents and GST portal; material mismatches (non‑existent premises, crowded residential slums for “large exporters”, etc.) should trigger written queries or refusal to accept the assignment.
D. Banking and financial trail
- Collect details of primary bank accounts used for GST‑related transactions, with a cancelled cheque or bank statement to match legal name and address.
- Enquire whether promoters or related parties operate multiple accounts that will be used for collections and payments; note these details in your KYC note.
- Refuse to route client funds, refunds or vendor payments through your own or your firm’s bank accounts under any circumstances.
E. Engagement terms and allocation of responsibility
- Execute a written engagement letter specifying:
- Scope limited to registrations, return filing, reconciliations and advisory.
- Client’s responsibility for truth and completeness of underlying data and documents.
- Express prohibition on sham entities, circular trading and accommodation entries.
- Your right to disengage if serious non‑compliance or fraud is suspected.
- Include a clause that all instructions must be in writing (email/WhatsApp) and that you will rely on such instructions for filing, subject to law; this ensures an evidentiary trail.
- Avoid contingency‑style or “percentage of refund/ITC” fee structures that can later be portrayed as sharing in fraudulent benefit; prefer fixed or time‑based professional fees.
F. Ongoing monitoring and red‑flag escalation
- Run a quick GSTIN status and filing check at least annually or before major refund/ITC claims, and retain evidence of the check.
- Document any anomalies you notice (unexplained turnover spikes, negative stocks, large ITC from high‑risk suppliers) along with written queries sent to the client and their replies.
- Where satisfactory explanations are not forthcoming, issue a written caution and, in extreme cases, a disengagement letter explaining that you cannot continue due to unresolved red flags.
- Maintain all KYC forms, notes, approvals and correspondence for at least eight years, aligned with limitation periods and departmental audit practices.
IV. How this checklist helps against 122(3A)
If a client is later found involved in fake invoicing or benami registrations, the department may attempt to invoke Section 122(3A) on the ground that you “facilitated” the offence by handling registration or returns. A documented KYC checklist, contemporaneous notes, engagement letters and written red‑flag escalations together demonstrate that:
- You took reasonable steps to verify the client’s identity, registration and basic compliance.
- You did not control business decisions, commercial flows or banking.
- You neither designed the fraud nor participated in its benefits; at worst, you acted in good‑faith reliance on client representations.
This evidence supports the argument that any attempt to fasten 122(3A) liability on you would be inconsistent with the intent/connivance threshold implicit in the scheme of Section 122 and with basic principles of natural justice.
CONCLUSION:
“In a GST environment where identity theft, fake registrations and bogus ITC scams are an everyday reality, professionals cannot afford to treat client acceptance as a casual, relationship‑driven step. A structured KYC and onboarding checklist, applied consistently and documented carefully, is not just a good‑governance practice—it is a legal shield that can make the difference between being treated as a bona fide adviser or as an alleged facilitator under Section 122(3A). By insisting on clear identity proofs, GSTIN and compliance checks, realistic business profiling, sound engagement letters and written red‑flag handling, GST professionals can continue to serve taxpayers confidently while minimising the risk of being scapegoated for frauds they neither designed nor condoned.”
Author Bio
Kindly send the engagement letter for doing GST works on behalf of the client for our professional safety