Why in news?

Recently, Financial Intelligence Unit–India (FIU-I) updated its AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism) guidelines for entities providing services related to Virtual Digital Assets.

The revised norms apply to cryptocurrency exchanges and lay down stricter requirements for customer due diligence, mandating how platforms must vet users and monitor transactions to prevent money laundering and terror financing.

What’s in Today’s Article?

• Stricter KYC and Due Diligence Norms for Crypto Exchanges
• KYC Practices Across Cryptocurrency Exchanges
• How Indian Crypto Exchanges Vet Customers?
• Unclear Legal Status of Cryptocurrency in India

Stricter KYC and Due Diligence Norms for Crypto Exchanges

• Enhanced Customer Verification - Under the updated guidelines issued by FIU-I, cryptocurrency exchanges must conduct robust Know-Your-Customer (KYC) checks.
  • This includes collecting verified identity details, contact information, occupation, income range, and a selfie with liveness detection.
• Location and Bank Account Authentication - Exchanges are required to record the customer’s onboarding location using latitude–longitude data, along with date, timestamp, and IP address.
  • Bank accounts must be verified through the penny drop method, ensuring the account belongs to the customer and is operational.
    • Penny drop method is a bank account verification technique where a tiny amount of money (like ₹1) is sent to an account to confirm its validity and match the account holder's name against provided details.
• Risk-Based Monitoring - Platforms must identify high-risk clients and transactions and apply enhanced due diligence. High-risk customers must update KYC details every six months, while others must do so annually.
• Restrictions on ICOs and Registration Requirements - The guidelines strongly discourage Initial Coin Offering (ICO) and Initial Token Offering (ITO) activities. They also urge all virtual digital asset service providers to register with FIU-IND as reporting entities.
• Ban on Anonymity-Enhancing Tools - Exchanges are barred from facilitating transactions involving privacy-focused tokens and crypto mixers, which obscure transaction trails and hinder traceability, reinforcing India’s AML–CFT compliance framework.

KYC Practices Across Cryptocurrency Exchanges

• Centralised Exchanges and Compliance - Most centralised cryptocurrency exchanges already conduct KYC procedures to ensure lawful use, deter criminal activity, freeze offending accounts, and trace fraudulent transactions. These checks support AML–CFT compliance to prevent misuse of fiat-to-crypto conversions.
• Why Regulators Insist on KYC - Regulators fear cryptocurrencies could be used to evade reporting requirements or finance terrorism. AML laws and Countering the Financing of Terrorism (CFT) rules aim to curb such risks.
  • In 2023, Binance settled with U.S. regulators over failures to prevent and report suspicious transactions.
• Evidence of Illicit Use – It has been reported that groups such as Hezbollah, Hamas, and the Houthis have used crypto at unprecedented scales, reinforcing regulatory concerns.
• The Challenge of Decentralised Exchanges - Not all exchanges enforce stringent KYC. Decentralised exchanges (DEXs) allow anonymous, unregulated transactions with minimal controls.
  • While DEXs have legitimate uses—privacy, avoiding repression, and asset self-custody—they are also attractive to money launderers, scammers, hackers, and terror financiers.
• The Road Ahead for India - To effectively address these risks, Indian regulators will need to go beyond issuing guidelines—strengthening enforcement, oversight, and international cooperation to curb illicit crypto activity without stifling legitimate use.

How Indian Crypto Exchanges Vet Customers?

• Leading Indian exchanges already follow global best practices and bank-level compliance, with the Financial Intelligence Unit–India rules largely formalising existing processes.
• Indian exchanges typically conduct core identity checks, selfie-based face match with liveness detection, and bank account verification under FIU/PMLA norms.
• Some of them also uses geo-tagging to match user location with ID details (with exceptions) and instant KYC via DigiLocker for Aadhaar and PAN.
• Overall, FIU-IND’s updated guidelines do not introduce drastic changes; they codify practices already in place across major Indian crypto exchanges, including DigiLocker-based KYC and periodic re-verification.

Unclear Legal Status of Cryptocurrency in India

• Cryptocurrency in India operates in a regulatory grey zone, with investors and industry leaders repeatedly seeking clearer rules.
• While debates continue, policy responses have largely focused on legality and security, lagging behind comprehensive crypto frameworks emerging in the US, Europe, and East Asia.
• Although virtual digital assets are taxed at 30% on capital gains with a 1% TDS, India offers little investor protection against scams, hacks, or unfair practices by private platforms.
• Many users choose Indian exchanges to comply with tax and legal norms, but face uncertainty and a discouraging regulatory environment due to the absence of a clear, investor-friendly legal framework.