India has instructed cryptocurrency trading platforms to sharply tighten how they verify customers (KYC), requiring them to provide liveness checks, location data, and additional documents when onboarding users.
According to The Times of India, the Financial Intelligence Unit (FIU), which reports to the Finance Ministry, now treats exchanges as virtual digital asset service providers and as reporting entities under the Prevention of Money Laundering Act. They must register with the FIU, file suspicious transaction reports, and maintain detailed records, even though crypto assets are still not recognized as legal tender and are only taxed under income rules.
Live Presence Tests and Recurring Reviews
Under the new rules, anyone opening an account will need to capture a real-time selfie using liveness tools to confirm physical presence, a step aimed at blocking deepfakes and recycled images. At the same time, exchanges must store the latitude and longitude, date, time, and internet protocol address linked to the signup attempt.
Bank details also face tighter checks. Platforms must send a nominal payment of one rupee to the declared account to verify that it is active and belongs to the applicant, while customers must provide a Permanent Account Number (PAN) along with a second identity document, such as a passport or voter identity card, and confirm both email and mobile numbers through one-time passwords.
Additionally, Know Your Customer (KYC) records must be updated every six months for high-risk accounts and once a year for others, with extra checks on clients linked to tax havens, countries on the Financial Action Task Force grey or black lists, politically exposed individuals, and nonprofit entities, using open sources and commercial databases.
Initial Offerings and Mixers Flagged as High Risk
Along with the new rules, the FIU warned that Initial Coin Offerings (ICOs), Initial Token Offerings (ITOs), anonymous coins, and services such as tumblers and mixers have a higher risk of being used for money laundering and financing terrorism and lack a clear economic purpose, instructing exchanges not to support these activities and to use strict risk measures when they encounter them.
Finally, customer identity data, addresses, and transaction histories must be kept for at least five years and preserved for longer if a case remains under investigation.
