Statement of Financial Transaction (SFT) refers to information related to certain high-value transactions which specified persons are required to report to the income tax department.
My name is Satheesh Sangaraju, we are publishing this article for public awareness purpose. Business owners and Startups must aware this kind of technical issues, otherwise you might be victim of loosing your business and it’s biggest threat for Directors/Business owners.
This article explains, technical aspects of the issue.
1. What is SFT?
Statement of Financial Transaction (SFT) provides a reporting mechanism wherein specified entities are required to provide information about material financial transactions to the Income-tax Dept. The Statement of Financial Transaction is furnished in Form 61A as per the provisions of Section 285BA read with Rule 114E.
Understand more about SFT using following links.
2. Who needs to file SFT?
Read the following article to understand who has to file SFT and it’s applicability
3. Why filing SFT is a threat for your business?
You may not need to file SFT, do not go for filings by trusting professional practitioners, they sell your your company do financial frauds with your authorization without your consciousness. We realized too late that we do not require to file SFT as we had no reportable transactions.
To file SFT,
- You must know about Reporting Portal.
- Steps to register Reporting Portal
There are different kind of roles for users. A principal officer designated by the reporting entity can add, review and change the users who can access the portal. The designated director can update the statements in the prescribed format.
3.1. What was the technical issue?
- Each entity (Technically a user account with company PAN in income tax portal) associate with ITDREIN (a unique 16-digit number) to a reporting portal.
- Generally user accounts will be created with PAN number in reporting portal. And, user account will be associated to entity (Technically ITDREIN)
- A digital certificate must be upload for user designated director and designated director has ability to submit/report transaction information. Without digital signature user can not submit report and the user identity can not be validated.
Technically there is in depth process to understand the technical issue, but I would try to simplify to understand to a non-technical user point view.
For example, if an user account created with PAN “P1P1P1” with the role “Designated Director” under
ITDREIN “A1A1A1” and upload a digital certificate for that user. The certificate must be accessed for the user
“P1P1P1” only when he logged in under that ITDREIN “A1A1A1” (means entity), because digital certificate has encrypted sensitive identity for user.
Sever Issue: For example, if an user account created with same PAN “P1P1P1” with the role “Designated Director” under
ITDREIN “A2A2A2” (Technically means different entity), the certificate uploaded in entity “A1A1A1” also accessible to the user.
As a technical person, I would consider this is a very high potential system defect/security issue.
Let me explain how this is misusing practicing professionals.
Practicing professionals creates 2 or multiple user accounts simultaneously with same PAN in 2 different entities. You think that, the reporting happening through only one entity. But behind the scene, they use other user account too using first user identity (digital certificate). For example, they report like 300 Million where as actual number is 12 lakhs, that you never aware of until you screwed up into legal things.
Note: May be only few professionals/CA’s attempts to do the fraud, but in our observation many professionals in this area know about this technical issue. But why this issue is not get fixed in reporting portal?
Hope this issue may get resolved in reporting portal soon.
There are other design issues as well in updating contact details of user.
The bottom line is, be cautious when your entity reporting SFT, there is chance to misuse of information about your shares, and the reporting will happen through your identity. And definitely this report will alone may not impact, but based on this report there will be subsequent incidents will happen in other reportings/filings using your identity, but that you may not consciously aware even though you approved reports by your self, if you are newly entered into business.
Disclaimer: The content provided is for educational and informational purposes only.
CAUTION
Read very interesting facts about Digital Audio Forgery
I understand that fear often prevents people from openly sharing information about such large fraud networks. Many individuals hesitate to speak out because they worry about potential consequences, influence, or retaliation from powerful groups behind these operations. However, staying silent only allows these networks to grow stronger and continue exploiting unsuspecting citizens. By bringing these issues to light and raising collective awareness, we can break the cycle of fear, protect others from falling victim, and push for accountability against those who misuse their power for fraudulent purposes.
My purpose in sharing this is to create awareness among the public about how fraud networks operate and engage with individuals without their knowledge. Many people may not even realize they are interacting with fake callers or fraudsters until it is too late, by which time their personal information or recorded responses may already have been misused. It is therefore essential to remain vigilant, verify every communication, and recognize these deceptive tactics before falling victim. Such networks may be supported by powerful interests, including political groups or large companies engaged in malpractice. Only widespread public awareness and caution can help put an end to these practices.