In a significant move to tighten oversight on the cryptocurrency sector, India's Financial Intelligence Unit (FIU) has mandated stringent new Know Your Customer (KYC) procedures for Virtual Digital Asset (VDA) service providers. The new rules require crypto exchanges and platforms to implement live photo (selfie) verification and a 'penny drop' test to confirm the authenticity of customer bank accounts.
The New KYC Mandate: A Two-Pronged Approach
The directive, issued by the FIU-IND, targets the growing need for robust customer identification in the digital asset space. The core of the new mandate revolves around two specific verification methods that must be integrated into the KYC process for all new and existing customers.
First, the live photo or selfie verification requires users to provide a real-time photograph. This measure is designed to prevent the use of pre-existing or doctored images, adding a dynamic layer of biometric confirmation to the standard document submission.
Second, and more crucially, is the 'penny drop' test. This process involves the VDA platform depositing a minuscule, random amount (typically one rupee or less) into the bank account provided by the user during registration. The customer must then accurately report the exact credited amount to complete the verification. This step serves a dual purpose: it confirms that the bank account is genuine, active, and accessible to the user, and it establishes a verifiable link between the user's identity and their financial instrument.
Driving Forces Behind the Regulatory Push
This regulatory hardening follows the Indian government's decision in March 2023 to bring VDA service providers under the ambit of the Prevention of Money Laundering Act (PMLA), 2002. By classifying these platforms as "reporting entities," the law obligated them to perform enhanced due diligence on their clients, maintain detailed records, and report suspicious transactions to the FIU.
The latest directive operationalizes these obligations with concrete technical requirements. Authorities are particularly concerned about the potential for identity fraud, money laundering, and the use of mule accounts in the crypto ecosystem. The penny drop mechanism effectively counters the submission of fabricated or third-party bank details, a common red flag in financial crimes.
Implications for Crypto Exchanges and Users
For the 48-plus FIU-registered crypto entities operating in India, including major exchanges, the mandate necessitates immediate technological and procedural upgrades. They must now integrate systems capable of conducting the automated penny drop transaction and seamlessly capturing live photos within their onboarding workflows.
For users, the KYC process will become slightly more involved but is intended to create a more secure trading environment. The new steps add friction but significantly raise the barrier for fraudulent actors. It underscores the Indian regulatory framework's gradual shift from outright skepticism to a structured, compliance-focused oversight of the cryptocurrency industry.
The move aligns India with global trends where financial regulators are insisting on bank account validation as a cornerstone of financial service onboarding, especially in high-risk sectors like digital assets. The FIU's directive marks a clear step towards legitimizing the industry through enforced transparency, aiming to protect the financial system while acknowledging the presence of crypto assets in the economy.
