India has rolled out tougher oversight of digital asset platforms, with new india crypto kyc requirements reshaping how exchanges verify and monitor their customers.
India formally classifies VDA platforms and tightens onboarding checks
On January 8, the Financial Intelligence Unit of India (FIU-IND) issued updated guidelines that formally classify crypto exchanges as Virtual Digital Asset (VDA) service providers. Under this move, platforms must implement enhanced Anti-Money Laundering (AML) and Know Your Customer (KYC) controls. The changes aim to curb illicit finance risks tied to the speed and pseudonymous nature of crypto transactions.
However, the new framework goes beyond traditional document-based onboarding. Reporting entities must conduct live identity verification and strengthen Client Due Diligence processes. Regulators argue that without these safeguards, digital assets could be misused for money laundering, terror financing and proliferation financing, especially given their cross-border and real-time characteristics.
Under the guidelines, exchanges are required to identify customers using reliable and independent data sources. Moreover, platforms must collect an expanded set of technical identifiers, including IP addresses with timestamps, geolocation data, device IDs, wallet addresses and transaction hashes. These data points are intended to support verification, transaction monitoring and granular risk assessment.
Mandatory PAN, bank verification and multi-factor checks
The FIU has made it compulsory for exchanges to collect and verify a customer’s Permanent Account Number (PAN) before permitting any VDA-related activity. This links crypto activity directly to India’s tax identity framework and strengthens traceability. That said, the requirement also raises the bar for onboarding compared with earlier, more basic KYC flows.
In FY 2024–25, a total of 49 crypto exchanges registered with FIU-IND to comply with AML and anti-terror financing obligations. Of these, 45 are India-based platforms, while 4 are overseas exchanges serving local users. The registration data underline the regulator’s intent to bring both domestic and foreign players under a uniform compliance perimeter.
Bank account verification has also been tightened. Platforms must now use a penny-drop mechanism to confirm the ownership and operational status of linked bank accounts, sending a small test amount to validate details. Moreover, users must provide an additional government-issued ID, such as a passport, Aadhaar card or voter ID, alongside one-time password checks for registered email addresses and phone numbers.
Industry participants say these measures largely standardize practices already adopted by major exchanges. Selfie-based verification, secondary ID checks and penny-drop confirmations were common at leading platforms. However, the new rules reduce ambiguity, create a clearer compliance playbook and lower the risk of uneven regulatory enforcement across the sector.
Heightened scrutiny of token fundraising and high-risk clients
Beyond onboarding, the FIU used the guidelines to directly address token fundraising. The authority signaled that the framework is designed to strongly discourage Initial Coin Offerings and Initial Token Offerings. Officials cited concerns over economic rationale, disclosure standards and the robustness of risk mitigation in many such sales, which often target retail investors.
Enhanced due diligence will be mandatory for a range of higher-risk categories. These include transactions deemed high value or high risk, clients classified as politically exposed persons, non-profit organizations and customers connected to jurisdictions placed on the Financial Action Task Force (FATF) grey or black lists. Moreover, exchanges must be able to show that their controls for these groups go beyond baseline KYC checks.
Under the new india crypto kyc framework, exchanges are also required to deploy monitoring tools to detect the use of mixers, tumblers and other anonymity-enhancing services. Where such activity is identified, platforms must block the related transactions. This reflects growing global pressure on intermediaries to close off channels used to obscure the origin and flow of digital assets.
Data retention, monitoring and tax enforcement concerns
The rules impose strict record-keeping duties on registered VDA platforms. Exchanges must retain customer identity information and detailed transaction records for at least five years, or longer if any investigation or enforcement action remains ongoing. However, this extended retention requirement also increases the operational and data security responsibilities for reporting entities.
Last week, Indian tax officials renewed their concerns over cryptocurrency activity and its impact on fiscal oversight. During a recent parliamentary standing committee on finance, the Income Tax Department warned that the rapid growth in digital asset usage could weaken the country’s ability to enforce tax rules effectively. Moreover, authorities hinted that closer coordination between tax, financial intelligence and sectoral regulators will be needed.
Overall, the latest FIU guidelines signal a decisive shift toward a more tightly regulated digital asset market in India. While exchanges view the clarified rules as helpful for long-term compliance planning, users face far stricter verification, monitoring and data-sharing conditions whenever they interact with VDA platforms.
Source: https://en.cryptonomist.ch/2026/01/12/india-crypto-kyc-tightens/
