New Regulations for Cryptocurrency Exchanges in India
In a bid to crack down on illegal activities in the digital asset market, India’s Financial Intelligence Unit (FIU) has introduced stringent new Anti-Money Laundering (AML) and Know Your Customer (KYC) protocols for cryptocurrency exchanges.
The updated guidelines, released on January 8, categorize crypto exchanges as Virtual Digital Asset (VDA) service providers. These exchanges are now required to implement enhanced verification processes beyond simple document uploads.
Under the new rules, users must undergo a “live selfie” verification process using software that detects their presence through actions like eye-blinking or head movement. This measure aims to prevent the use of static photos or deepfake technology.
Additionally, exchanges must capture the exact geographical coordinates, date, timestamp, and IP address when a user initiates an account creation process.
The guidelines also mandate the “penny-drop” method, which involves conducting a nominal transaction to confirm the legitimacy of the user’s bank account.
Alongside providing a Permanent Account Number (PAN), users must submit a secondary ID such as a passport, Aadhaar, or voter ID. OTP verification for email and phone numbers is also mandatory.
The FIU, operating under the Union Finance Ministry, is taking a firm stance against tools that aim to conceal the trail of cryptocurrency transactions. The new regulations aim to discourage Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs) due to their perceived lack of economic justification and high risk.
As the single-point regulator for cryptocurrency exchanges in India, the FIU requires all exchanges to register as reporting entities and submit regular reports on suspicious transactions. This is in line with the provisions of the Prevention of Money Laundering Act (PMLA).
Exchanges must conduct KYC updates for high-risk clients every six months and for others annually. Enhanced client due diligence is required for individuals or entities with links to tax havens, FATF grey or black list jurisdictions, politically exposed persons (PEPs), or non-profit organizations (NPOs).
Regarding ICOs/ITOs, the guidelines highlight the heightened money laundering and terror financing risks associated with these activities. Anonymity-enhancing crypto tokens, tumblers, and mixers designed to obscure transaction details are also flagged as potential risks.
Exchanges are instructed to retain client IDs, addresses, and transaction records for at least five years. This data should be preserved until the conclusion of any related investigations.
The guidelines underscore the importance of implementing suitable risk mitigation measures to prevent illicit transactions facilitated by crypto tumblers or mixers, which blend coins from various sources to obfuscate their origins.
Overall, the new regulations aim to enhance transparency and combat money laundering, terrorist financing, and proliferation risks associated with cryptocurrencies in India.
