India has introduced a fresh round of regulatory tightening for the crypto sector, significantly raising compliance standards for exchanges and virtual digital asset service providers. Under the new rules, crypto platforms must collect live selfies and geographic location data during onboarding, adding biometric and location-based verification to existing KYC procedures.
The updated framework, issued by the Financial Intelligence Unit – India, also strengthens governance and operational oversight. A key change is the formal definition of the Principal Officer’s role, making them directly responsible for AML, counter-terror financing, and counter-proliferation compliance. The officer must report to the board or a board-level committee, with the appointment reviewed annually.
Cybersecurity requirements have also been expanded. Crypto firms must submit a comprehensive Cyber Security Audit Certificate from a CERT-In–empanelled auditor. The audit will assess governance controls, infrastructure and network security, wallet safety, cryptographic controls, incident response readiness, and third-party risks involving cloud services and APIs.
The guidelines further clarify travel rule obligations. Exchanges must collect, verify, and transmit originator and beneficiary details for transactions, including those involving unhosted wallets and certain peer-to-peer transfers. While such wallets are not banned, users may face additional checks or delays for higher-risk transactions.
You need to login in order to Like
Leave a comment