India Mandates Live Selfies, Geo-Tagging for Crypto Users Under New KYC Rules
Overview
India's Financial Intelligence Unit (FIU) has rolled out stringent KYC and AML norms for crypto exchanges, mandating live selfie verification and geo-tagging for users. These rules aim to bolster identity verification, prevent deepfakes, and combat money laundering, significantly altering the operational framework for virtual digital asset providers in the country.
New Identity Verification Mandates
India's Financial Intelligence Unit (FIU) has imposed significantly stricter Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations on cryptocurrency exchanges. Effective January 8, these rules classify exchanges as Virtual Digital Asset (VDA) service providers, demanding more than just basic document uploads.
Users must now undergo live selfie verification, employing technology that detects eye blinking or head movements to confirm physical presence and prevent the use of static images or deepfakes. This is coupled with mandatory geo-tagging, requiring exchanges to capture the exact latitude, longitude, date, timestamp, and IP address associated with account creation.
Enhanced Due Diligence and Transaction Checks
Beyond a Permanent Account Number (PAN), users must submit a secondary identity document like a Passport or Aadhaar, alongside One-Time Password (OTP) verification for both email and mobile numbers. Exchanges will also implement the "penny-drop" method, involving a nominal Re 1 transaction to confirm bank account authenticity and activity. KYC details for high-risk clients will require updates every six months, while standard users need annual revisions.
The FIU, operating under the Union Finance Ministry, is also targeting mechanisms that obscure transaction trails. Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs) are strongly discouraged due to their perceived lack of economic justification and elevated risk profile. Similarly, anonymity-enhancing tokens, tumblers, and mixers are flagged as tools for concealing transaction origins, demanding appropriate risk mitigation measures from exchanges.
Regulatory Oversight and Record Keeping
As the single-point regulator for Indian crypto exchanges under the Prevention of Money Laundering Act (PMLA), the FIU mandates registration as reporting entities. Exchanges must submit regular reports on suspicious transactions and maintain comprehensive customer and transaction records for a minimum of five years, or until any investigation concludes. While crypto assets are not legal tender, they remain subject to income tax regulations.
