India has moved to significantly tighten oversight of cryptocurrency platforms, formally bringing the sector under the country’s anti-money laundering framework.
New compliance obligations now apply to all crypto exchanges and service providers operating in or serving users in India.
Crypto Platforms Classified as Reporting Entities
The Financial Intelligence Unit, operating under the Ministry of Finance, has classified all virtual digital asset service providers as “reporting entities” under the Prevention of Money Laundering Act, 2002. The designation took effect following a notification issued on March 7, 2023.
As a result, crypto exchanges, wallet providers, and related platforms, whether based in India or offshore, are now subject to the same compliance standards as banks and other regulated financial institutions.
Mandatory Registration and Operating Conditions
Under the updated framework, all VDA service providers must register with FIU-IND to legally operate in the country. Platforms that fail to register risk enforcement action, including financial penalties and potential criminal liability.
The rules apply broadly, covering centralized exchanges, custodial wallet providers, and offshore platforms offering services to Indian users.
Enhanced KYC and Identity Verification
The guidelines introduce expanded KYC requirements aimed at strengthening user identification and preventing misuse. Exchanges are required to implement live selfie verification designed to confirm physical presence and detect deepfakes through movement-based checks.
Platforms must also capture geo-location data at account creation, including IP address, date, and time. Bank account verification is mandatory through a “penny-drop” process, while users must submit an additional government-issued photo ID alongside their PAN.
Restrictions on Privacy Tools and High-Risk Clients
Transactions involving anonymity-enhancing tools, including privacy tokens, tumblers, or mixers, are explicitly prohibited. Exchanges are barred from facilitating such activity.
The rules also mandate enhanced due diligence for high-risk clients, including individuals from jurisdictions on FATF black or grey lists, Politically Exposed Persons, and non-profit organisations.
Record-Keeping and Enforcement Powers
Crypto platforms must retain customer identity and transaction records for at least five years, or longer if an investigation is ongoing. Suspicious Transaction Reports must be submitted to FIU-IND when required.
Enforcement authority rests with the Enforcement Directorate, which has already imposed significant fines for non-compliance, including ₹28 crore during the 2024–25 fiscal year.
