India’s approach to regulating cryptocurrencies has taken another incremental but significant step. On January 8, the Financial Intelligence Unit–India (FIU-IND) updated its AML and CFT guidelines for entities dealing in virtual digital assets, including cryptocurrency exchanges. While the changes do not radically alter existing practices, they formalise stricter compliance expectations and underline the government’s growing focus on surveillance, traceability, and risk management in the crypto ecosystem.
What Are the New FIU-IND Guidelines About?
The updated norms apply to “reporting entities” providing services related to virtual digital assets — chiefly cryptocurrency exchanges. Issued by Financial Intelligence Unit – India, the guidelines are aimed at aligning crypto platforms with India’s anti-money laundering (AML) and countering the financing of terrorism (CFT) framework.
At their core, the rules seek to ensure that crypto transactions do not become conduits for illegal activities such as terror financing, money laundering, ransomware payments, or sanctions evasion.
Stricter KYC: What Exchanges Must Collect
Under the updated framework, exchanges must carry out enhanced Know Your Customer (KYC) checks. Beyond basic identity and contact details, platforms are now required to collect:
- Customer’s occupation and income range,
- A selfie with “liveness detection” to prevent impersonation,
- Latitude and longitude of the onboarding location, along with date, timestamp and IP address,
- Verified bank account details using the “penny drop” method.
These measures are intended to ensure that accounts are genuine, traceable, and linked to real-world financial identities.
Risk-Based Monitoring and Periodic Re-KYC
The guidelines require exchanges to classify customers based on risk. High-risk clients and transactions must be subjected to enhanced due diligence.
Under this system:
- High-risk customers must undergo KYC updates at least once every six months.
- All other customers must be re-verified at least annually.
This brings crypto exchanges closer to bank-level compliance standards.
Crackdown on Anonymity and Obscuring Tools
FIU-IND has explicitly barred exchanges from facilitating transactions involving anonymity-enhancing crypto tokens and “mixers” — services that deliberately obfuscate transaction trails. Such tools are frequently associated with laundering proceeds of crime.
The regulator has also strongly discouraged Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs), and urged all virtual digital asset service providers to register with FIU-IND as reporting entities.
Why Regulators Are Concerned About Crypto
Globally, regulators fear that fiat currency can be converted into harder-to-trace crypto assets to bypass legal reporting systems. AML and CFT rules exist precisely to prevent this.
High-profile international cases have reinforced these fears. In 2023, Binance settled with US regulators for failures in monitoring and reporting suspicious transactions. Blockchain analytics firm Chainalysis has also reported growing crypto usage by groups such as Hezbollah and Hamas.
Indian authorities are keen to ensure that domestic exchanges are not exploited for similar purposes.
Centralised Exchanges vs Decentralised Platforms
Most centralised exchanges operating in India already follow KYC norms. However, decentralised exchanges (DEXs) typically allow anonymous, peer-to-peer transactions with minimal oversight.
While DEXs have legitimate uses — such as privacy protection or asset self-custody — they are also attractive to hackers, scammers and terror financiers. FIU-IND’s guidelines mainly target centralised platforms, highlighting the limits of regulation in a decentralised crypto environment.
How Indian Exchanges Are Responding
Major Indian exchanges have indicated that the new rules largely formalise existing practices. WazirX, CoinDCX and ZebPay already conduct identity checks, selfie verification, bank validation and periodic re-KYC.
Industry players have welcomed measures like liveness detection and geo-tagging as steps that improve transparency and credibility, especially as India seeks wider acceptance of crypto within a regulated framework.
The Bigger Gap: Legal Clarity on Crypto
Despite tighter compliance norms, India still lacks a comprehensive cryptocurrency law. Virtual digital assets are taxed heavily — 30% capital gains tax and 1% TDS — yet investors have limited protection against hacks, fraud, or unfair practices.
Compared to the US, Europe and East Asia, where detailed crypto and stablecoin legislation is being developed, India’s approach remains piecemeal and enforcement-driven rather than innovation-friendly.
What to Note for Prelims?
- FIU-IND updated AML & CFT guidelines for crypto entities in January.
- Mandatory KYC includes liveness detection, geo-tagging and bank verification.
- Anonymity-enhancing tokens and mixers barred.
- High-risk crypto users require more frequent re-KYC.
What to Note for Mains?
- Balancing financial surveillance with innovation in fintech regulation.
- Limits of regulating decentralised technologies through centralised rules.
- Role of AML/CFT norms in emerging digital asset markets.
- Need for comprehensive crypto legislation beyond taxation and compliance.
