India’s Financial Intelligence Unit (FIU) has significantly raised the compliance bar for cryptocurrency platforms, introducing tougher Anti-Money Laundering
(AML) and Know Your Customer (KYC) requirements to curb illicit financial activity in the digital asset ecosystem. The revised framework, notified on January 8, aims to address risks linked to anonymity, speed, and the cross-border nature of virtual digital asset transactions. Under the updated norms, crypto exchanges are now formally classified as Virtual Digital Asset (VDA) service providers. This classification brings them squarely under enhanced regulatory oversight, requiring platforms to move beyond basic document uploads and adopt more strict verification mechanisms. Due Diligence Takes Centre Stage The FIU has stressed the need for a more specific Client Due Diligence (CDD) framework, citing the vulnerability of VDA transactions to misuse for money laundering, terror financing, and proliferation financing. Reporting entities (REs) are now required to identify users by collecting detailed personal information and verifying identities through reliable, independent sources. In addition to standard identification documents, platforms must gather advanced digital identifiers. These include IP addresses with timestamps, geo-location data, ID verification through selfies, device IDs, VDA wallet addresses, and transaction hashes. Such data points are considered essential for authentication, monitoring, and comprehensive risk assessment. PAN Verification And Banking Checks Made Mandatory A key change under the new rules is the compulsory collection and verification of a client’s Permanent Account Number (PAN) for onboarding or conducting any VDA-related activity. FIU has made it clear that PAN compliance is non-negotiable within the CDD framework. Bank account verification must now be conducted through a penny-drop mechanism to confirm both ownership and operational status. Additionally, users are required to submit a secondary identity document, such as an Aadhaar card, passport, or voter ID, along with OTP verification for their registered email and mobile number. Crackdown On High-Risk Activities And ICOs The guidelines also take a firm stance against Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs), stating that such fundraising mechanisms lack adequate economic justification, risk mitigation, and transparency. Updated and enhanced due diligence is mandated for high-risk transactions, politically exposed persons, non-profit organisations, and entities linked to high-risk jurisdictions, including FATF grey- and black-listed countries. To tackle anonymity-enhancing tools like tumblers and mixers, exchanges must deploy advanced transaction monitoring systems. Any suspicious activity detected through these tools must not be facilitated and should trigger immediate risk mitigation steps. These new and stricter compliance regimes will boost investor confidence by enhancing trust, transparency, and accountability. It also signals the government’s intent to move towards a comprehensive regulatory structure that safeguards users while supporting the long-term, sustainable growth of India’s crypto industry.
