India tightens crypto noose: Live selfies, geo-tagging now mandatory for users
New Delhi: In an effort to eliminate illegal activity in the digital asset market, India's Financial Intelligence Unit (FIU) has unveiled stringent new Anti-Money Laundering (AML) and Know Your Customer (KYC) protocols for cryptocurrency exchanges, including mandatory liveness detection and geographical tracking during the onboarding process.
The updated guidelines, issued on January 8 and accessed by PTI, classify crypto exchanges as Virtual Digital Asset (VDA) service providers who will now have to do more than just allow simple document uploads.
Under the new rules, users must take a "live selfie" using software that verifies their presence, typically through eye-blinking or head movement. The measure helps prevent the use of static photos or deepfakes.
Exchanges must record the exact latitude and longitude, date, timestamp, and IP address from which a user starts creating an account.
The "penny-drop" method, which involves processing a nominal Re 1 transaction to confirm that the bank account is active and belongs to the registrant, is required.
In addition to a Permanent Account Number (PAN), users must provide a secondary ID such as a Passport, Aadhaar or a Voter ID, along with an OTP verification for the email ID and phone number.
The FIU, which operates under the Union Finance Ministry, is taking a tough stance against tools meant to conceal the paper trail of crypto wealth. The new guidelines aim to "strongly discourage" Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs) due to their lack of economic justification and high risk.
The FIU is the single-point regulator for cryptocurrency exchanges (reporting entities or VDA service providers) operating in India under the provisions of the Prevention of Money Laundering Act (PMLA).
All such exchanges have to register with the FIU as reporting entities, submit regular reports on suspicious transactions, and maintain records of their clients (customers) to identify and combat money laundering, terrorist financing and proliferation financing risks associated with crypto assets. India has not identified crypto assets as legal tender, but they are taxed under the Income-Tax law.
"The RE (crypto exchange) shall also ensure that the client whose credentials are being furnished at the time of onboarding is the same individual who is actually accessing the application and personally initiating the account creation process," they stipulate.
"The authenticity of such access and personal presence shall be established by capturing a live photograph of the client and employing liveliness detection technology to verify the client's physical presence...," the guidelines state.
The exchanges have been asked to update KYC for "high-risk" clients every six months and for all others annually.
An 'enhanced client due diligence', carried out by gathering details from open sources and consulting independent databases, is to be done for high-risk individuals or entities who have links to tax haven countries or jurisdictions named under the FATF grey or black list, and for politically exposed persons (PEPs) or non-profit organisations (NPOs).
On ICOs/ITOs, the guidelines state that these activities present "heightened and complex" money laundering and terror financing risks as they "lack" justified economic rationale, while anonymity-enhancing crypto tokens (AECs), tumblers and mixers are designed to conceal or obfuscate the origin, ownership or value of transactions.
Such transactions shall not be facilitated and must trigger suitable risk mitigation measures, they state.
As the name suggests, crypto tumblers or mixers blend coins from different sources after a transaction, making it very difficult for them to be traced.
The guidelines also ask exchanges to preserve client ID, their address and transaction details for at least five years and retain them until an investigation is closed.