India’s financial regulators have introduced new, stringent guidelines requiring cryptocurrency exchanges to enforce live selfie and geographic location verification as part of user onboarding, marking a significant escalation in anti-money-laundering (AML) and know-your-customer (KYC) compliance for digital asset platforms. The rules were released on January 8, 2026 by India’s Financial Intelligence Unit (FIU), which governs crypto exchange reporting under the Prevention of Money Laundering Act (PMLA).
What the New Rules Require
Under the updated guidelines, all regulated crypto trading platforms — designated as Virtual Digital Asset (VDA) service providers — must implement enhanced identity verification procedures for new users. Key components include:
- Live selfie verification using liveness detection software that checks for natural movements such as eye blinking and head turns to prevent spoofing with static images or deepfakes.
- Geographic location tracking, where exchanges capture users’ latitude and longitude coordinates, along with IP address, timestamp and date at the moment of account creation.
- Collecting government-issued ID such as PAN (Permanent Account Number) along with a secondary ID like Aadhaar, Passport or Voter ID, plus email and mobile OTP verification.
- Bank account confirmation via the “penny-drop” method, which sends a nominal transaction (e.g., ₹1) to verify the account belongs to the user.
The rules are designed to ensure that the person submitting registration details is physically present and genuinely initiating the account creation. Exchanges must treat these enhanced measures as part of routine client due diligence.
Stronger Oversight and Reporting Obligations
The FIU guidelines also require regular reporting of suspicious transactions and maintaining comprehensive records of client information to support investigations into potential money laundering, terrorism financing, and other illicit activity. Platforms must register with the FIU as reporting entities and keep up-to-date KYC records.
For high-risk accounts — such as those linked to jurisdictions on FATF’s grey or black lists, politically exposed persons (PEPs), or entities with tax haven ties — exchanges are directed to perform enhanced client due diligence, collecting broader data and consulting independent databases.
Regulatory Context and Enforcement
The updated protocol aligns India’s crypto ecosystem with global AML and counter-terror financing standards and is part of a broader effort by regulators to clamp down on financial crimes involving digital assets. While cryptocurrencies are not legal tender in India, they are subject to taxation under the Income-Tax Act, and the government has pursued stricter oversight of the sector in recent years.
The FIU, operating under the Union Finance Ministry, has called for annual KYC updates for all users and semi-annual reviews for high-risk clients, emphasizing transparency in a market that has previously operated with varying levels of verification stringency.
Industry and User Impact
Market observers say the stricter onboarding requirements could slow user acquisition for exchanges due to more complex verification steps, but could also strengthen trust among regulators and institutional players. Some industry analysts note this could lead to broader compliance costs for platforms while enhancing the overall legitimacy of the Indian crypto market.
Crypto users and prospective investors should expect these tighter KYC checks for all new accounts going forward, along with more frequent verification requirements for users previously classified as higher risk.
Also Check: U.S. Crypto Spot ETFs See Outflows as Bitcoin Funds Shed $250 M and Ethereum ETFs Drop $93M
FAJP5PTH