The government has introduced a new legal mechanism that significantly expands financial surveillance in Pakistan. The transaction reporting law requires banks to report account holder details with deposits or withdrawals exceeding Rs. 100 million within six months. This new requirement becomes effective from July 1 and will enable digital cross-matching with tax records.
The Finance Act 2026, issued on Monday, establishes this procedure as part of broader efforts to detect under-reporting of sales. Additionally, officials aim to identify overstatement of expenses and non-reporting of taxable information. Therefore, the transaction reporting law represents a major shift in how authorities monitor financial activities.
Under the new framework, Section 165AB titled Reporting of Financial Transaction Data has been inserted into the Income Tax Ordinance, 2001. Every banking company and Electronic Money Institution must electronically upload specified financial transaction data to a Central Data Hub. This hub will perform algorithmic cross-matching of tax and banking information. Moreover, this process occurs notwithstanding other banking and financial laws.
The information banks must share includes details of account holders whose deposits or withdrawals exceed Rs. 100 million during a reporting period. The transaction reporting law covers all their bank accounts. Additionally, banks will report deposit and withdrawal particulars, opening and closing balances, peak credits, and total credits.
The reporting period comprises two halves of a financial year: July 1 to December 31 and January 1 to June 30. Therefore, banks will submit data twice annually. The specified reporting dates will be January 31 and July 31, respectively. So institutions have clear deadlines for compliance.
The law states that shared information will be digitally processed and inaccessible to income tax authorities during the cross-matching stage. If officials detect a significant mismatch, the Board’s digital system will transfer the case to the Compliance Risk Management system. Then further proceedings occur through the National Faceless Centre. So the transaction reporting law includes safeguards protecting taxpayer privacy during initial stages.
The State Bank of Pakistan may also establish, operate, and maintain a secure centralized virtual repository. This repository would contain banking data, information, records, and financial transactions of persons. Banks would maintain this data on the basis of unique identifiers as the Board prescribes.
The Federal Board of Revenue has responsibility for ensuring strict confidentiality of information received from banks. Officials must prevent any disclosure or misuse except as allowed under the law. Therefore, the transaction reporting law includes penalties for unauthorized information sharing.
The law defines “accounts” to include current, call, savings, fixed, term deposits, and other bank deposit forms. “Peak credits” refers to the highest credit balance across all accounts during the reporting period. So the definitions are precise and comprehensive.
The Central Data Hub maintenance falls to the Board through PRAL. The Compliance Risk Management system identifies and communicates compliance risks linked to concealed sales, inflated expenses, and unreported transactions. Therefore, multiple systems work together to detect financial irregularities and tax evasion patterns.












