India Tightens Crypto KYC Rules: What FIU-IND’s New Guidelines Mean for Exchanges and Users

India has moved to further tighten oversight of cryptocurrency platforms. On January 8, the Financial Intelligence Unit–India updated its Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) guidelines for entities dealing in virtual digital assets (VDAs). The revised framework lays down more granular Know-Your-Customer (KYC) requirements for crypto exchanges and related service providers — reinforcing the government’s push to prevent misuse of digital assets for illegal activities.

What FIU-IND’s updated guidelines require

Under the revised norms issued by “Financial Intelligence Unit – India”, crypto exchanges must now conduct deeper due diligence when onboarding customers. Beyond basic identity verification, exchanges are required to collect:

• Verified personal identity details and contact information
• Occupation and income range
• A selfie with “liveness detection” to prevent spoofing
• Latitude and longitude of the onboarding location, along with date, time stamp, and IP address
• Bank account verification using the “penny drop” method

The rules also require exchanges to classify users based on risk. High-risk customers must undergo KYC re-verification at least once every six months, while others must do so annually. Platforms must also monitor and flag suspicious or high-risk transactions.

What activities are being discouraged or barred

The guidelines “strongly discourage” Initial Coin Offering (ICO) and Initial Token Offering (ITO)–related activities. They also bar exchanges from facilitating transactions involving anonymity-enhancing crypto tokens and “mixers” — tools that obscure transaction trails and make it harder for authorities to trace illicit flows.

In addition, all service providers dealing with VDAs are urged to register with FIU-IND as reporting entities, bringing a wider swathe of the crypto ecosystem under India’s AML framework.

Is KYC new for crypto exchanges?

For most centralised crypto exchanges, KYC is not new. Platforms facilitating crypto-to-fiat trades have long followed customer verification norms to comply with AML and CFT obligations. Regulators worry that fiat money could otherwise be converted into hard-to-trace crypto assets to evade reporting requirements or fund criminal and terrorist activities.

International precedents reinforce these concerns. In 2023, “Binance” reached a settlement with US regulators over failures to prevent and report suspicious transactions involving criminals, sanctioned users and terror-linked entities. More recently, blockchain analytics firms have flagged the growing use of crypto by groups such as Hezbollah, Hamas and the Houthis.

Why decentralised exchanges remain a challenge

Not all crypto platforms operate under strict KYC norms. Decentralised exchanges (DEXs) often allow users to trade anonymously, without intermediaries. While DEXs are used for legitimate reasons such as privacy and asset self-custody, they also pose enforcement challenges, as they are attractive to hackers, scammers and money launderers.

Regulators acknowledge that guidelines alone may not be enough to address risks emanating from decentralised platforms, which often operate outside national jurisdictions.

How Indian exchanges are responding

Leading Indian platforms say the updated rules largely formalise practices already in place. Nischal Shetty, founder of “WazirX”, said exchanges were already following bank-level compliance standards, including identity checks, selfies and bank verification under PMLA norms.

He noted that liveness detection and geo-tagging — highlighted in the new guidelines — are already part of WazirX’s onboarding process, along with instant KYC via DigiLocker. WazirX resumed operations after restructuring following a 2024 hack that resulted in losses of about $230 million.

Similarly, “CoinDCX” has implemented personal ID checks, face-match verification, geographic validation and bank account verification. Although CoinDCX suffered a security breach in 2025, it said customer assets were not affected.

ZebPay executives have also welcomed the enhanced AML and KYC framework, arguing that stronger compliance will improve trust and support wider acceptance of crypto in India.

What this means for crypto users

For most Indian crypto investors, the changes may feel incremental rather than disruptive. Periodic KYC re-verification, selfies and bank checks were already common across major platforms. The updated FIU-IND guidelines primarily standardise and tighten these processes across the industry.

The bigger regulatory gap in India’s crypto ecosystem

Despite stricter compliance rules, India still lacks a comprehensive crypto law. Virtual digital assets are taxed heavily — 30% capital gains tax and 1% TDS — but there is no robust investor protection framework in case of hacks, fraud or unfair practices.

While countries in the US, Europe and East Asia are drafting detailed legislation to regulate exchanges and stablecoins and encourage fintech innovation, India’s approach remains piecemeal. For investors who choose Indian exchanges to stay compliant with domestic laws, the regulatory environment continues to be seen as cautious, unclear, and often discouraging — even as compliance burdens steadily increase.