India is tightening its know-your-customer rules for cryptocurrency users during onboarding, as part of new guidance issued by the country’s Financial Intelligence Unit.
Summary
- India’s FIU has mandated live selfie KYC with geolocation and IP tracking for all new crypto users.
- Crypto exchanges will be required to update KYC every 6 or 12 months based on user risk.
- ICOs, ITOs, and anonymity-focused crypto tools have been flagged as high risk under the new guidance.
The updated guidance requires regulated crypto platforms to implement more stringent measures when onboarding users and to conduct verification more frequently than before, according to a Times of India report.
New requirements include live selfie pictures that use software to confirm physical presence through features such as eye-blinking or head movement, designed to curb the use of static images that can be deepfaked.
Meanwhile, users will have to submit additional government-issued photo identification, such as a passport, Aadhaar, or voter ID, and verify both their email address and mobile number. Exchanges must also conduct a small test transaction to the user’s bank account before they are eligible to access platform services.
At the time of registration, exchanges will also be required to capture the user’s IP address, geolocation, timestamp, and device details.
Lastly, KYC would need to be updated every six months for users classified as high-risk clients, and annually for all other customers.
These tighter measures follow major security incidents that targeted two of India’s most active cryptocurrency exchanges over the past two years. First, in 2024, WazirX, India’s largest exchange at the time, lost approximately $235 million worth of various cryptocurrencies in a breach that severely disrupted its operations and led to a court-monitored recovery plan.
The following year, CoinDCX, which ranked among the country’s top exchanges, fell victim to a $44 million hack. Although the attack targeted an internal operational wallet used for liquidity on a partner exchange and not customer cold wallets, the breach raised further concerns around platform risk.
Within the guidelines, the FIU also reiterated its strong opposition to the use of privacy-enhancing tools such as crypto mixers, tumblers, and obfuscation techniques, along with tokens designed to conceal ownership and transaction history.
The regulator also seeks to “strongly discourage” Initial Coin Offerings and Initial Token Offerings, which it believes pose heightened and complex risks related to money laundering and terror financing, the report said.
As such, the FIU requires all registered entities to implement the necessary controls to prevent any transactions connected with privacy coins, mixers, and unregulated token offerings.
Crypto industry under check
India became one of the most tightly regulated jurisdictions for crypto after it imposed a flat 30% tax on capital gains from digital asset transactions and disallowed offsetting of losses. Many within the country’s crypto sector argue that the policy is choking what could be one of the largest total addressable markets in the world.
Since categorizing Virtual Digital Asset service providers under the Prevention of Money Laundering Act back in March 2023, the FIU has steadily pushed toward mandatory registration and compliance for all exchanges operating in the country.
Recent data suggests that a total of 49 entities registered as reporting institutions during the 2024–25 period, including 45 domestic platforms and four major offshore exchanges such as Binance, Coinbase, and KuCoin, which re-entered the market after completing their compliance procedures.
Yet, key agencies like the Reserve Bank of India remain skeptical of cryptocurrencies and have continued to classify them as high-risk assets for the country’s financial system and macroeconomic stability.
Source: https://crypto.news/india-mandates-tighter-kyc-for-crypto-users-under-new-fiu-rules/
