In a significant move to clamp down on illicit financial activities, India's Financial Intelligence Unit (FIU) has rolled out a stringent new set of compliance rules for cryptocurrency exchanges operating in the country. The updated Anti-Money Laundering (AML) and Know Your Customer (KYC) guidelines, issued on January 8, aim to bring digital asset transactions under a much tighter regulatory scanner.
Enhanced Onboarding: Live Selfies and Geo-Tracking
The new framework, which classifies crypto platforms as Virtual Digital Asset (VDA) service providers, moves far beyond simple document uploads. Users must now verify their identity using a "live selfie" captured through software that employs liveness detection technology. This process, which may involve verifying eye blinks or head movements, is designed to prevent fraud using static photographs or deepfakes.
Furthermore, exchanges are required to record precise geographical data at the moment of account creation. This includes the exact latitude and longitude, date, timestamp, and the user's IP address. To confirm the authenticity of linked bank accounts, the mandatory "penny-drop" method will be used, involving a nominal transaction of one rupee.
Stricter ID Verification and Client Monitoring
The identity verification process has been significantly tightened. In addition to providing a Permanent Account Number (PAN), users must submit a secondary identification document. Acceptable forms include a Passport, Aadhaar card, or Voter ID. Both the registered email ID and phone number must also be verified through a one-time password (OTP).
The FIU has mandated regular updates to client KYC information. For clients deemed "high-risk," this due diligence must be refreshed every six months, while for all other users, it is an annual requirement. High-risk individuals include those with links to tax havens, jurisdictions on the FATF grey or black lists, politically exposed persons (PEPs), and certain non-profit organisations (NPOs).
Cracking Down on ICOs and Anonymity Tools
The guidelines take a particularly tough stance on specific activities and tools within the crypto ecosystem. The FIU explicitly states that Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs) present "heightened and complex" risks for money laundering and terror financing due to their perceived lack of economic justification.
Similarly, the use of anonymity-enhancing crypto tokens (AECs), tumblers, and mixers—tools designed to obscure the origin and trail of transactions—will be strongly discouraged. Exchanges are instructed not to facilitate such transactions and to implement immediate risk mitigation measures if they are detected.
All registered crypto exchanges, which are reporting entities under the Prevention of Money Laundering Act (PMLA), must preserve comprehensive client and transaction records for a minimum of five years. These records must be retained until the conclusion of any ongoing investigation.
This decisive regulatory action underscores India's cautious approach to cryptocurrencies. While not recognized as legal tender, crypto assets are subject to taxation, and the government is now reinforcing the framework to prevent their misuse for financial crimes.
