Overview
- Exchanges must capture a live selfie with liveness detection and record latitude–longitude, timestamp and IP address at user onboarding.
- Platforms are required to verify bank ownership via a ₹1 penny‑drop, collect PAN plus a second government ID, and verify email and phone with OTPs.
- The guidance directs that anonymity‑enhancing tokens, mixers and tumblers shall not be facilitated, and it strongly discourages ICOs and ITOs.
- All crypto platforms must register with FIU‑IND as reporting entities, retain identity and transaction records for at least five years, undergo CERT‑In‑accredited cybersecurity audits, and appoint a designated AML/CFT director.
- KYC must be refreshed every six months for high‑risk clients and annually for others, with enhanced due diligence for PEPs and entities linked to FATF grey or black‑listed jurisdictions, as industry expects higher compliance costs and slower onboarding.