Statement of Financial Transaction (SFT) refers to information related to certain high-value transactions which specified persons are required to report to the income tax department.
We are publishing this article for public awareness purpose. Business owners and Startups must aware this kind of technical issues, otherwise you might be victim of loosing your business and it’s biggest threat for Directors/Business owners.
This article explains, technical aspects of the issue.
1. What is SFT?
Statement of Financial Transaction (SFT) provides a reporting mechanism wherein specified entities are required to provide information about material financial transactions to the Income-tax Dept. The Statement of Financial Transaction is furnished in Form 61A as per the provisions of Section 285BA read with Rule 114E.
Understand more about SFT using following links.
2. Who needs to file SFT?
Read the following article to understand who has to file SFT and it’s applicability
3. Why filing SFT is a threat for your business?
To file SFT,
- You must know about Reporting Portal.
- Steps to register Reporting Portal
There are different kind of roles for users. A principal officer designated by the reporting entity can add, review and change the users who can access the portal. The designated director can update the statements in the prescribed format.
3.1. What was the technical issue?
- Each entity (Technically a user account with company PAN in income tax portal) associate with ITDREIN (a unique 16-digit number) to a reporting portal.
- Generally user accounts will be created with PAN number in reporting portal. And, user account will be associated to entity (Technically ITDREIN)
- A digital certificate must be upload for user designated director and designated director has ability to submit/report transaction information. Without digital signature user can not submit report and the user identity can not be validated.
Technically there is in depth process to understand the technical issue, but I would try to simplify to understand to a non-technical user point view.
For example, if an user account created with PAN “P1P1P1” with the role “Designated Director” under
ITDREIN “A1A1A1” and upload a digital certificate for that user. The certificate must be accessed for the user
“P1P1P1” only when he logged in under that ITDREIN “A1A1A1” (means entity), because digital certificate has encrypted sensitive identity for user.
Sever Issue: For example, if an user account created with same PAN “P1P1P1” with the role “Designated Director” under
ITDREIN “A2A2A2” (Technically means different entity), the certificate uploaded in entity “A1A1A1” also accessible to the user.
As a technical person, I would consider this is a very high potential system defect/security issue.
Let me explain how this is misusing practicing professionals.
Practicing professionals creates 2 user accounts simultaneously with same PAN in 2 different entities. You think that, the reporting happening through only one entity. But behind the scene, they use other user account too using first user identity (digital certificate). For example, they report like you purchased shares from one entity that you aware of, in behind, they will report someone else purchased from you, that you never aware of until you screwed up into legal things.
Note: May be only few professionals/CA’s attempts to do the fraud, but in our observation many professionals in this area know about this technical issue. But why this issue is not get fixed in reporting portal?
Hope this issue may get resolved in reporting portal soon.
There are other design issues as well in updating contact details of user.
The bottom line is, be cautious when your entity reporting SFT, there is chance to misuse of information about your shares, and the reporting will happen through your identity. And definitely this report will alone may not impact, but based on this report there will be subsequent incidents will happen in other reportings/filings using your identity, but that you may not consciously aware even though you approved reports by your self, if you are newly entered into business.
Disclaimer: The content provided is for educational and informational purposes only.