Overview
- Exchanges must capture a live selfie with liveness detection and record latitude–longitude, timestamp and IP address at signup.
- Users must provide PAN plus a second government ID, verify email and phone via OTP, and pass a Re 1 penny‑drop bank ownership check.
- All virtual digital asset providers, including offshore platforms serving Indian users, must register with FIU‑IND, file suspicious transaction reports and retain records for at least five years.
- Platforms are barred from facilitating mixers, tumblers and privacy coins, and the guidance strongly discourages ICOs and ITOs as high‑risk activities.
- Firms must refresh KYC every six months for high‑risk clients and annually for others, conduct enhanced due diligence for PEPs and FATF‑linked jurisdictions, appoint a designated director and undergo CERT‑In cybersecurity audits, with past non‑compliance already drawing ₹28 crore in penalties.