Crypto platforms face geo-tracking and bank verification under updated AML norms

India's financial crimes watchdog, Financial Intelligence Unit (FIU), has unveiled stringent new checks on cryptocurrency exchanges, requiring "liveness detection" and geographical tracking for new users in a broad move to stamp out money laundering in the digital asset sector.

The updated guidelines, issued on January 8 by the FIU, mandate that crypto platforms must go beyond simple document uploads. Under the new regime, exchanges are required to capture "live selfies" of users to verify their physical presence, utilising software that detects eye blinking or head movements to prevent the use of static photos or deepfakes.

The move marks a significant tightening of the regulatory net around India's crypto market, which operates under the oversight of the Union Finance Ministry. While the country is yet to classify crypto assets as legal tender, it has aggressively brought the sector under the ambit of the Prevention of Money Laundering Act (PMLA), requiring exchanges to register as reporting entities.

Location and bank verification

The new protocols require exchanges to record the exact latitude and longitude, timestamp, and IP address from which a user initiates account creation. Platforms must also employ the penny-drop method, which involves processing a nominal Rs 1 transaction, to verify that a user’s bank account is active and matches their registration details.

In addition to the Permanent Account Number (PAN), users must now provide a secondary form of identification, such as a passport, Aadhaar, or voter ID, along with OTP verification for email and phone numbers.

The guidelines also take a hard line on tools designed to obscure transaction trails. The FIU stated that Anonymity-Enhancing Crypto Tokens (AECs), often known as privacy coins, and "mixers" or "tumblers" used to blend coins from different sources, lack economic justification and present high money laundering risks. Transactions involving these assets "shall not be facilitated," effectively banning them from compliant Indian exchanges. Initial Coin Offerings (ICOs) are also "strongly discouraged."

Exchanges must now update KYC details for "high-risk" clients every six months and annually for others. "Enhanced client due diligence" is required for politically exposed persons (PEPs) and individuals linked to jurisdictions on the Financial Action Task Force (FATF) grey or black lists.

Also Read

India risks losing crypto users without swift regulation, says Binance APAC Chief

Compliance costs vs. user growth

The tighter scrutiny is expected to reshape the unit economics of onboarding new investors.

An industry source, who asked not to be identified discussing internal operations, said that while the new rules will increase the cost of compliance, they will not be difficult to implement technically. The source noted that the fintech industry already manages similar compliance loads and that exchanges can leverage third-party "plug-and-play" services to get up to speed quickly.

However, the source warned that the primary impact would be on user acquisition. The added friction during the onboarding process is expected to lead to a higher drop-off rate among interested users who may be deterred by the lengthy KYC requirements, creating a “funnel leakage” problem that has plagued other segments of the fintech industry.

Industry response

Major industry players are positioning the move as a step toward institutional maturity.

“We welcome the FIU-IND’s updated guidelines as a positive and timely step for India’s crypto ecosystem,” said Edul Patel, CEO of Mudrex. He added that many of the measures, including strong KYC norms, transaction monitoring, cybersecurity audits, and Travel Rule compliance, were already being followed by responsible exchanges.

“Putting them formally on paper helps standardise best practices across the industry,” Patel said. For investors, he noted, the rules strengthen trust, transparency, and accountability, while signalling the need for a comprehensive regulatory framework that protects users and allows the sector to grow in a sustainable manner.

Vimal Sagar Tiwari, Co-founder of CoinSwitch, said, the guidelines bring much-needed regulatory clarity to the virtual digital assets ecosystem. He described the requirement to register with the Financial Intelligence Unit of India before commencing VDA-related business as “a significant step that strengthens oversight and accountability.” Tiwari also welcomed the AML and CFT guidelines for establishing uniform compliance standards that create a level playing field and build industry-wide trust.

The emphasis on appointing a Designated Director ensures clear senior-level accountability and embeds AML and CFT obligations into business strategy and decision-making, Tiwari said. By mandating board-level oversight, the rules strengthen governance and risk management, enabling responsible innovation while deterring bad actors. He added that CoinSwitch has invested in a scalable compliance framework aligned with both current and future regulatory expectations.