Key Takeaways
-
India’s FIU introduced stricter KYC and AML regulations for crypto platforms to curb fraud and money laundering.
-
Higher costs and compliance burdens may stifle smaller platforms and innovation in the sector.
-
User onboarding friction could reduce adoption, but it aligns India with global AML standards for long-term stability.
India’s crypto market is entering a more tightly regulated phase as authorities move to close long-standing gaps in oversight.
In an effort to curb fraud, money laundering, and anonymous cryptocurrency activity, the country’s Financial Intelligence Unit (FIU-IND) has introduced a new set of stricter Know Your Customer (KYC) and Anti-Money Laundering (AML) rules for crypto platforms.
While regulators say the measures bring India in line with global standards, the changes are already reshaping how exchanges operate.
The FIU has released the new KYC norms under the Prevention of Money Laundering Act (PMLA), 2002.
The rules will take effect on Jan. 8 and apply to all platforms offering crypto-related services in India.
While they build on earlier guidelines issued in March 2023, the new framework introduces significantly more requirements to address the anonymous and near-instant nature of crypto transactions.
Key changes include mandatory live selfie verification with liveness detection, geo-tagging during onboarding to capture latitude, longitude, timestamp, date, and IP address, and OTP verification for both email and mobile numbers.
Users must now provide detailed personal information, including income, occupation, bank account details, a Permanent Account Number (PAN), and a secondary identification document, such as an Aadhaar card or a passport.
Additionally, exchanges must conduct “penny-drop” bank verification, perform periodic KYC updates every six months for high-risk users and annually for others, and apply tougher due diligence to suspicious accounts.
Beyond onboarding, platforms must register with FIU-IND through the FINGate portal.
They must undergo mandatory cybersecurity audits by CERT–In–accredited professionals and appoint a designated director for AML and counter-terrorism financing compliance.
Exchanges should also conduct annual risk assessments and submit monthly suspicious transaction reports to relevant authorities.
The framework discourages exposure to Initial Coin Offerings (ICOs), Initial Token Offerings (ITOs), and anonymity-enhancing tools such as mixers or tumblers, and requires exchanges to mitigate associated risks.
Customer and transaction records must be retained for at least five years, or longer if an investigation is ongoing.
