New KYC rules for cryptocurrency customers in India: What's new?
What's the story
India's Financial Intelligence Unit (FIU) has introduced new anti-money laundering and terrorist financing KYC protocols for cryptocurrency exchanges. The guidelines mandate a selfie with liveness detection, geographical coordinates recording, and bank account verification by the 'penny-drop' method. These measures are aimed at preventing money laundering and terrorist financing through virtual digital assets.
Regulatory intent
New measures aim to prevent illicit activities
The FIU, a body under the Union Finance Ministry, has updated these guidelines almost three years after they were first issued in March 2023. Under the Prevention of Money Laundering Act (PMLA), all crypto exchanges must now register with FIU as reporting entities and file regular reports on suspicious transactions.
Client due diligence
Exchanges must collect detailed client information
The new guidelines require exchanges to obtain the Permanent Account Number (PAN), selfie with liveness detection, and latitude and longitude coordinates of the onboarding location, with date and timestamp. They also have to collect the IP address of the customer as part of their 'client due diligence' measures. This is to ensure that the client whose credentials are being furnished at the time of onboarding, is indeed accessing the application and personally initiating account creation.
Verification requirements
Exchanges must verify client identity and address
The exchanges have also been directed to collect another identity and address document of the client, such as a passport, driving license, Aadhaar proof of possession, voter ID, or an equivalent ID. They also have to verify their mobile number and email through a one-time password (OTP). These measures are part of the KYC process for onboarding users onto cryptocurrency exchanges.
Account confirmation
Bank account verification and KYC updates
The guidelines mandate a bank account verification through the 'penny-drop' mechanism to confirm ownership and operational status. Under this method, a refundable ₹1 credit is taken by the banking or payment gateway from the customer to authenticate their bank account. Exchanges have also been directed to do a KYC update for "high-risk" clients every six months and for all others annually.
Risk assessment
Enhanced due diligence for high-risk individuals
The guidelines call for an 'enhanced client due diligence' for high-risk individuals or entities linked to tax haven countries. This includes those named under the FATF gray or black list, politically exposed persons (PEPs), and non-profit organizations (NPOs). The FIU has also discouraged Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs) by exchanges as they pose "heightened and complex" money laundering risks.