India’s FIU-IND now treats all virtual asset providers as reporting entities under PMLA, requiring strict KYC, record keeping and a ban on privacy tools and mixers.
Summary
- The FIU-IND has classified all VASP platforms serving Indian users as reporting entities under the Prevention of Money Laundering Act
- Exchanges must enforce selfie KYC, geolocation recording, bank checks and additional IDs while filing suspicious transaction reports with the FIU-IND.
- Mixers, tumblers, privacy tokens and some ICO/ITO activities are effectively banned, with non-compliant platforms risking fines and criminal liability. The FIU has already imposed Rs 28 crore in fines
India has introduced stricter supervision of cryptocurrency platforms, formally bringing the sector under the country’s anti-money laundering framework, according to regulatory notices.
India continues to push forward with cryptocurrency legislation
The Financial Intelligence Unit, operating under the Ministry of Finance, has classified all virtual digital asset service providers as ‘reporting entities’ under the Prevention of Money Laundering Act, 2002. The designation came into effect following a notification issued on March 7, 2023.
Crypto exchanges, wallet providers and related platforms, both based in India and offshore, are now subject to the same compliance standards as banks and other regulated financial institutions, under the new framework.
All providers of virtual digital asset services must register with the FIU-IND to legally operate in the country. Platforms that fail to register face enforcement action, including financial penalties and possible criminal liability. The rules apply to centralized exchanges, custodial wallet providers and offshore platforms offering services to Indian users.
The guidelines introduce extensive know-your-customer requirements. Exchanges are needed to implement live selfie verification, designed to confirm physical presence and detect deepfakes through motion-based checks. Platforms must also record geolocation data when creating an account, including IP address, date and time. Bank account verification is required through a penny-drop process, while users must provide additional government-issued photo ID in addition to their permanent account number.
Transactions using tools that enhance anonymity, including privacy tokens, tumblers or mixers, are prohibited under the new rules. Exchanges should not facilitate such activities. The rules also mandate enhanced due diligence for high-risk clients, including individuals from jurisdictions on the Financial Action Task Force’s black or gray lists, politically exposed persons and non-profit organizations.
Crypto platforms must keep customer identity and transaction data for a minimum of five years, or longer if an investigation is ongoing. According to the regulations, reports of suspicious transactions must be submitted to the FIU-IND if necessary.
The Enforcement Directorate has enforcement powers and has imposed fines totaling Rs 28 crore for non-compliance during the 2024-2025 financial year, according to official data.
