FIU’s New KYC Guidelines for Indian Crypto Users and Exchanges

• FIU India crypto guidelines updated January 8, 2026 with strict KYC rules.
• Exchanges must appoint principal officers and implement governance frameworks.
• Users face mandatory PAN verification and liveness detection during onboarding.

India’s Financial Intelligence Unit released updated guidelines for cryptocurrency service providers on January 8, 2026. The comprehensive framework establishes mandatory Know Your Customer procedures for all Virtual Digital Asset exchanges operating in the country.

FIU India crypto regulations now require crypto exchanges to register as Reporting Entities under the Prevention of Money Laundering Act 2002. The updated guidelines target money laundering and terrorist financing risks associated with digital asset transactions.

The framework applies to all entities engaged in virtual digital asset activities, regardless of physical location in India. Any exchange providing services to Indian users must comply with the new FIU India crypto requirements.

FIU India crypto governance framework mandates officer appointments

Cryptocurrency exchanges must appoint a designated director responsible for overall compliance with PMLA obligations. The director oversees all compliance procedures relating to record-keeping, client due diligence, transaction monitoring and reporting.

Exchanges must also designate a principal officer at the management level. The PO should preferably hold a position not below the head audit, Compliance or risk level within the organization.

The Principal Officer requires minimum three years experience with AML, CFT and CPF legal requirements. The officer must possess thorough knowledge of money laundering risks relevant to the VDA sector.

FIU India crypto rules prohibit the principal officer from holding any simultaneous engagement with other entities. The officer must work exclusively for the reporting entity on a full-time basis.

The principal officer reports directly to the board or designated committee. Reports must occur at minimum once yearly covering AML/CFT/CPF compliance program effectiveness and identified risks.

Mandatory KYC data collection for crypto users

Exchanges must collect comprehensive personal information during user onboarding. Required data includes full name as appearing in PAN, date of birth, gender, PAN details, identity document type and number, and nationality.

Contact details including address, mobile number and email ID are mandatory. Financial and occupation details require collection including occupation, income range and bank account information.

FIU India crypto guidelines mandate additional parameters for verification purposes. Exchanges must capture selfie with liveness detection and latitude-longitude coordinates of the onboarding location with date, timestamp and IP address.

The onboarding system must accurately capture geo-location coordinates to establish precise verification location. Mismatch between address furnished and geo-coordinates triggers enhanced measures under CDD.

Exchanges must collect PAN and one identity document from passport, driving license, Aadhaar proof of possession, or Voter’s Identity Card issued by Election Commission of India. Equivalent e-documents are acceptable.

Mobile number and email ID verification occurs through One-Time Password validation or link verification. The exchange must confirm the client providing credentials is the same individual accessing the application.

FIU India crypto enhanced due diligence for high-risk clients

Enhanced measures apply based on materiality and risk assessment. Exchanges must initiate better procedures for transactions assessed as high risk or where money laundering concerns arise.

FIU India crypto rules require mandatory ramped up measures for natural and legal persons from known high-risk jurisdictions. Countries designated as tax havens and those on FATF grey and black lists trigger automatic enhanced screening.

Clients who are non-profit organizations require due diligence procedures. Such clients must register on the DARPAN Portal of NITI Aayog as prescribed under Rule 9(9A) of PMLR.

The measures include examining the financial position and source of funds. Exchanges must record the purpose behind conducting such transactions and conduct more frequent review of client profiles and transactions.

For clients assessed as high risk, KYC updates occur at least once every six months. For all other clients, KYC updates occur at least once every year measured from account opening or last KYC update.

The policy governing periodic KYC updation must be clearly documented within the exchange’s CDD program. The Board must approve the policy governing these periodic update requirements.