Key Takeaways
- India has tightened crypto KYC rules with live selfie, ID, and location verification.
- Exchanges must verify bank accounts using the penny-drop method.
- High-risk users face KYC updates every six months under a risk-based framework.
- Privacy tools like mixers are discouraged to improve transaction traceability.
- Platforms must store user data for at least five years for compliance.
In early January 2026, India’s Financial Intelligence Unit (FIU-IND) introduced a substantial overhaul of Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements for cryptocurrency exchanges. These changes mandate live identity verification, geolocation tracking, enhanced document checks, and more frequent updates for higher-risk users. The goal is to strengthen transparency, reduce illicit activity, and align digital asset platforms with global financial compliance standards.
This article explains the key elements of the new crypto KYC regime in India, why authorities have adopted it, how platforms and users will be affected, and how this fits into broader regulatory trends.
Why India Is Tightening KYC in the Crypto Sector
Cryptocurrencies present significant regulatory challenges due to their pseudo-anonymous nature and fast, cross-border transactions. Without rigorous verification systems, digital assets can facilitate money laundering, terror financing, and tax evasion. Regulators in India argue that stricter KYC is necessary to:
- Verify real identities behind accounts
- Trace transactions and link them to verified users
- Combat misuse of crypto for criminal activities
- Ensure financial platforms remain accountable
To achieve these objectives, the FIU’s updated guidelines require more than just uploading static documents.
What the New KYC Rules Require
The requirements apply to all registered Virtual Digital Asset (VDA) service providers — including cryptocurrency exchanges and related digital asset platforms — operating under India’s regulatory framework. The key components of the new KYC process include:
1. Live Selfie Verification
Platforms must capture a live selfie using technology that validates the user’s presence in real time (e.g., eye blinking or head movement). This safeguards against fake profile images, deepfake attacks, and identity fraud.
2. Geolocation and Technical Logging
At the point of account creation, exchanges must collect:
- Latitude and longitude coordinates of the user’s location
- IP address
- Date and time stamps
This data enhances traceability and supports investigations into suspicious activity.
3. Expanded Document Requirements
In addition to the Permanent Account Number (PAN), users must provide a second government-issued ID such as:
- Aadhaar card
- Passport
- Voter ID
Contact details such as email and mobile numbers must be verified through OTP (one-time password) checks.
4. Bank Account Verification (“Penny Drop” Method)
Exchanges must confirm that a user’s bank account is active and belongs to them by initiating a small transaction (often Re 1), which is then verified. This step links crypto accounts to verified financial identities.
5. Periodic KYC Updates Based on Risk
Users are classified based on risk, with more frequent KYC re-verification required for higher-risk profiles:
| Risk Category | KYC Update Frequency |
|---|---|
| High-Risk Users | Every 6 months |
| Standard Users | Every 12 months |
High-risk classifications may include politically exposed persons (PEPs), links to jurisdictions on global watchlists, or associations with NGOs and charities.
Additional Compliance and Discouraged Activities
Banning Privacy Tools
The guidelines strongly discourage activities that obscure transaction trails, such as:
- Crypto mixers and tumblers
- Privacy coins or tokens are designed to hide transaction history
These tools can impede law enforcement and compliance monitoring.
Limiting ICOs and Token Launches
Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs) are also discouraged due to associated risks and unclear economic value.
Record-Keeping Obligations
Platforms must retain customer identity and transaction data for at least five years, or until an investigation has concluded. This extended retention supports law enforcement and audit processes.
Impact on Crypto Platforms and Users
For Crypto Exchanges
Exchanges operating in India will need to upgrade their compliance systems to integrate live ID checks, geo-tracking tools, and enhanced verification workflows. While some platforms had already implemented similar features voluntarily, the updated guidelines formalise and standardise these requirements across the industry.
For Crypto Users
Most registered users will experience a more comprehensive onboarding process when opening new accounts or updating existing ones. Though this might introduce friction, proponents argue that it reduces fraud and improves overall market credibility.
Industry observers see this as part of a broader trend toward stricter regulation of digital financial services worldwide. For example, global regulators have increasingly emphasised robust identity verification to counter illicit financial flows and ensure national AML standards are maintained.
How This Fits Into India’s Crypto Policy Landscape
India’s crypto regulatory framework remains cautious. While the government has not banned cryptocurrency trading, it has categorised digital assets as taxable and implemented a 30% flat tax on gains and 1% tax deducted at source (TDS) on transfers — measures seen as discouraging domestic trading.
In this context, the tightened KYC regime signals a shift toward stronger oversight while continuing to balance innovation with risk mitigation.
For readers seeking a broader understanding of India’s current crypto regulatory environment, resources such as the Prevention of Money Laundering Act (PMLA) and the Financial Action Task Force (FATF) guidelines offer a relevant global perspective.
Conclusion
India’s expanded KYC and AML rules represent a significant evolution in digital asset regulation. By mandating live identity verification, detailed technical logging, and stringent risk-based protocols, regulators aim to enhance the security and transparency of crypto exchanges. While the rules may increase onboarding complexity for users and operational costs for platforms, the broader objective is to fortify India’s financial system against the misuse of crypto assets.
As the regulatory environment matures, both users and service providers will need to adapt to these comprehensive compliance standards. Staying informed about evolving requirements and adopting robust verification practices will be crucial for navigating India’s cryptocurrency landscape.