FIU Tightens KYC Norms For Crypto Exchanges, Mandates Selfie, Geo-Tagging And Penny-Drop Bank Verification

New Delhi, Jan 12 (KNN) India’s financial intelligence agency has tightened KYC norms for crypto exchanges, mandating selfie-based liveness checks, geo-tagging and bank account verification through the penny-drop method to strengthen anti-money laundering and counter-terror financing controls.

According to updated guidelines issued by the Financial Intelligence Unit (FIU) on January 8, crypto exchanges must comply with additional due diligence requirements while onboarding users. 

The revised norms form part of the Anti-Money Laundering (AML) and Combating Financing of Terrorism (CFT) framework for entities providing services related to virtual digital assets (VDAs).

Mandatory KYC Measures

The guidelines mandate that exchanges collect a customer’s PAN, a live selfie with liveness detection, and geo-coordinates of the onboarding location along with the date, time, IP address, and timestamp, ensuring that the person submitting the credentials is the same individual initiating the account creation.

To establish physical presence and authenticity, exchanges are required to capture a live photograph and deploy liveness detection technology, similar to systems used for pension life certificates.

In addition, customers must submit one officially valid identity and address proof, such as a passport, driving licence, Aadhaar (proof of possession), voter ID or equivalent document, along with verification of mobile number and email ID through OTP.

Exchanges are also required to verify customers’ bank accounts using the ‘penny-drop’ mechanism, under which a refundable Re 1 transaction is used to confirm ownership and operational status of the account.

Risk-Based Due Diligence

The guidelines require KYC updates every six months for high-risk clients and annually for others. High-risk individuals and entities, such as those linked to tax havens, FATF grey/blacklist jurisdictions, politically exposed persons (PEPs), and non-profits, must undergo enhanced due diligence using open-source intelligence and independent databases.

The FIU has also discouraged crypto exchanges from facilitating Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs), citing heightened money laundering and terror financing risks due to the lack of clear economic rationale.

Transactions involving anonymity-enhancing crypto tokens, tumblers and mixers, tools designed to obscure the origin and ownership of digital assets, must not be facilitated and should trigger appropriate risk mitigation measures.

Compliance and Record-Keeping

All crypto exchanges operating in India must be registered with the FIU as reporting entities under the Prevention of Money Laundering Act (PMLA). 

They are required to submit reports on suspicious transactions and preserve customer identity, address and transaction records for at least five years, or until the conclusion of any investigation.

India does not recognise cryptocurrencies as legal tender, but taxes income from virtual digital assets under the Income-Tax law.

(KNN Bureau)