In a decisive move to clamp down on illicit financial flows, India's Financial Intelligence Unit (FIU) has rolled out a stringent new set of compliance rules for cryptocurrency trading platforms. The updated anti-money laundering (AML) and know your customer (KYC) guidelines, issued on January 8, aim to bring digital asset transactions under a much tighter regulatory microscope.
Beyond Paperwork: The New Verification Hurdles
The FIU, which functions under the Union Finance Ministry, now classifies crypto exchanges as Virtual Digital Asset (VDA) service providers. This classification comes with significantly enhanced due diligence requirements that go far beyond simple document uploads. The cornerstone of the new protocol is the introduction of mandatory liveness detection during user onboarding.
This means potential users must now take a "live selfie" using specialized software that verifies their physical presence in real-time, typically by prompting actions like blinking or moving the head. This measure is designed to effectively thwart the use of static photographs or sophisticated deepfakes to create fraudulent accounts.
Furthermore, exchanges are now obligated to capture and record precise geographical data at the moment an account is created. This includes the exact latitude and longitude, date, timestamp, and the user's IP address, creating a detailed digital footprint of the registration process.
Strengthening the Financial Paper Trail
The FIU's guidelines also reinforce the link between a user's crypto activity and their formal banking identity. The "penny-drop" method is now compulsory. This involves processing a nominal transaction of Re 1 to confirm that the linked bank account is not only active but also genuinely belongs to the person registering on the platform.
For identity verification, providing a Permanent Account Number (PAN) is no longer sufficient. Users must submit a secondary government-issued ID, which can be a Passport, Aadhaar card, or Voter ID. Additionally, both the registered email ID and phone number must undergo a one-time password (OTP) verification process.
Ongoing Vigilance and Regulatory Stance
The regulatory framework establishes the FIU as the single-point regulator for all cryptocurrency exchanges operating in India under the Prevention of Money Laundering Act (PMLA). All such platforms must register with the FIU as "reporting entities" and are required to submit regular reports on suspicious transactions. They must also maintain comprehensive client records to help identify and combat risks related to money laundering, terrorist financing, and proliferation financing.
It is important to note that while crypto assets are taxed under India's Income-Tax law, they are not recognized as legal tender. The new guidelines explicitly aim to "strongly discourage" high-risk fundraising methods like Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs), citing their lack of economic justification.
For ongoing compliance, exchanges have been instructed to update KYC details for clients deemed "high-risk" every six months. For all other users, this KYC refresh must be conducted on an annual basis. This move signifies India's continued tough stance on tools that could obscure the origins of crypto wealth, pushing the industry towards greater transparency and accountability.
