India has taken another decisive step in regulating digital assets, pulling the entire crypto ecosystem firmly into its anti–money laundering net. The Financial Intelligence Unit (FIU-IND), which functions under the Ministry of Finance, now treats all virtual digital asset service providers as “reporting entities” under the Prevention of Money Laundering Act (PMLA) — the same framework used for banks and other financial institutions. The move flows from an official notification issued on March 7, 2023, and significantly raises the bar on compliance for platforms serving Indian users.
What this means in practice is simple: exchanges, wallet providers, and related platforms — whether they operate from India or offshore — must register with FIU-IND to legally provide services in the country. If they don’t, they risk strong enforcement actions, including financial penalties and even criminal liability. The rules cover centralized platforms, custodial wallets, and any offshore entity that offers services to Indian residents.
The most visible change for users will be tougher know-your-customer checks. Exchanges are now required to use live selfie verification that confirms a real, physically present person and helps detect deepfakes through movement-based prompts. They must also capture geo-location information such as IP address, date, and time at the moment an account is created. Bank account validation through a “penny-drop” test is compulsory, and users need to submit an additional government-issued photo ID along with their Permanent Account Number.
There is also a clear push to stamp out anonymity tools. Transactions involving mixers, tumblers, privacy tokens, or other anonymity-enhancing services are prohibited, and platforms are barred from facilitating such activity. Certain ICO/ITO activities fall inside that restriction as well. The framework further calls for enhanced due diligence for high-risk customers — including Politically Exposed Persons, non-profit organizations, and users from jurisdictions listed by the Financial Action Task Force (FATF) on grey or black lists.
Record-keeping obligations are stricter too. Crypto platforms must retain customer identity details and transaction histories for at least five years, and longer if an investigation is underway. They are required to file Suspicious Transaction Reports with FIU-IND whenever red flags arise.
Oversight isn’t just on paper. The Enforcement Directorate has authority to act on violations and has already imposed penalties amounting to 28 crore rupees during the 2024–25 fiscal year for non-compliance, according to official data.
With these changes, India is signaling that crypto will operate under the same anti-money laundering expectations as traditional finance. For users and platforms alike, the message is clear: transparency, registration, and robust KYC are now non-negotiable parts of the country’s digital asset landscape.
Also Read: Dubai Draws a Hard Line on Privacy Coins and Tightens Stablecoin Rules
