Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
India has tightened the regulatory screws on cryptocurrency exchanges, with the Financial Intelligence Unit (FIU) rolling out a new set of strict anti-money laundering (AML) and know-your-customer (KYC) standards aimed at curbing illicit activities in the digital asset ecosystem.
The updated guidelines, published on January 8 and viewed by PTISignificantly increases compliance requirements for crypto exchanges, officially categorizing them as virtual digital asset (VDA) service providers under the Prevention of Money Laundering Act (PMLA).
Who do these rules apply to?
The standards apply to all cryptocurrency exchanges classified as virtual digital asset (VDA) service providers. These entities are regulated by the Prevention of Money Laundering Act (PMLA) and must be registered with the FIU as reporting entities.
What changes for users?
Crypto users will face a much stricter onboarding process. Exchanges must now:
- Verify identity via live selfie using liveliness detection software (eye blink or head movement)
- Capture geographic data including latitude, longitude, IP address, date and timestamp at the time of account creation.
- Use the penny method, involving a Re 1 transaction, to verify bank account ownership
- Collect a PAN and additional government-issued ID such as Aadhaar, passport or voter ID.
- Check Email ID and Mobile Number via OTPs
These steps are intended to ensure that the person opening the account is physically present and truly initiates the process.
Why is activity detection made mandatory?
The FIU says activity detection helps prevent identity fraud, including the misuse of static photographs and deep counterfeiting technologies. It ensures that the person whose documents are submitted is the same person accessing the platform.
What is the position on ICOs, ITOs and anonymity tools?
The FIU has taken a strong position on:
- Initial coin offerings (ICOs) and initial token offerings (ITOs), which it says lack economic justification and pose high risks of money laundering and terrorist financing.
- Anonymity-enhancing crypto tokens, as well as tumblers and mixers, which obscure the origin of transactions.
Exchanges are requested not to facilitate such transactions and to apply strong risk mitigation measures when detected.
What are “high risk” customers under the new rules?
High-risk clients include:
- Natural or legal persons linked to tax havens
- Persons from jurisdictions on the FATF gray or black list
- Politically exposed persons (PEPs)
- Non-profit organizations (NPOs)
These customers will be subject to enhanced due diligence, including checks using open source information and independent databases.
How often will KYC need to be updated?
- High-risk clients: every six months
- All other customers: annually
What records should exchanges keep?
Crypto exchanges must preserve:
- Identity and address of the customer
- Transaction records
- These records must be kept for at least five years, or longer if an investigation is ongoing.
Cryptocurrencies are not recognized as legal tender in India. However, transactions involving crypto assets are taxed under the income tax law.
