India’s cryptocurrency ecosystem is adapting to heightened regulatory scrutiny, with the Financial Intelligence Unit-India (FIU-IND) imposing stricter Know Your Customer (KYC) and anti-money laundering (AML) requirements on virtual digital asset (VDA) service providers. Central to these updates is a mandate for live selfie verification paired with geo-location checks during user onboarding, aimed at curbing fraud, money laundering and illicit transactions in a market prone to such risks.
These measures build directly on the Prevention of Money Laundering Act (PMLA), bringing offshore and domestic crypto exchanges under enhanced compliance obligations. FIU-IND’s directive addresses vulnerabilities in prior processes, where static ID scans and basic “penny drop” bank verifications – involving a nominal deposit to link accounts – proved insufficient against sophisticated document forgery or location spoofing. Recent Chainalysis data underscores the urgency, noting a sharp rise in South Asian crypto-related crime, prompting regulators to demand verifiable, real-time user identity and presence.
The core of the overhaul requires users to submit a live selfie during registration, captured via the exchange’s app to confirm liveness and match against official ID photos like PAN cards, Aadhaar, passports or driving licences. Simultaneously, geo-tagging captures the user’s precise location at the time of verification, often through device GPS access, preventing claims of residency from unregulated jurisdictions. Exchanges must also implement ongoing transaction monitoring for suspicious patterns, such as unusual volumes or peer destinations, with detailed reporting to FIU-IND.
Major platforms are rolling out these changes swiftly. CoinDCX, WazirX and others now prompt new users for selfie and location data mid-onboarding, while existing accounts undergo re-verification where gaps exist. This shift replaces or supplements older PAN-based KYC, elevating standards to match banking norms and ensuring platforms like these fully register as Reporting Entities under FIU oversight.
Industry responses reflect a mix of acceptance and caution. Executives recognise the rules’ role in legitimising crypto amid global AML pressures, but highlight friction points: added steps slow onboarding for novices, biometric data storage amplifies privacy risks, and tech integration burdens smaller exchanges with compliance costs. Facial recognition errors could flag legitimate users erroneously, while mandatory location sharing raises data security questions – though platforms assure encrypted handling solely for verification.
“We support robust KYC to build trust, but implementation must prioritise user experience,” noted a spokesperson from a leading exchange, echoing broader calls for streamlined processes. Smaller players worry about market consolidation, as resource-intensive upgrades favour incumbents.
Looking ahead, these mandates signal India’s push toward regulated crypto maturity, balancing innovation with financial safeguards. Success depends on collaborative refinements – perhaps tiered verification for low-risk users or clearer data protection guidelines – to sustain growth without alienating participants. As platforms adapt, the rules could foster investor confidence, but their real test lies in minimising barriers while maximising security.
