India’s Enhanced Cryptocurrency Regulations
India is reinforcing its regulations regarding user verification for cryptocurrency transactions as part of updated directives from the Financial Intelligence Unit (FIU). According to a report from the Times of India, these new measures stipulate that cryptocurrency exchanges implement enhanced know-your-customer (KYC) protocols during user registration, requiring increased frequency of user verification processes.
New Verification Requirements
Among the new requirements are advanced verification techniques, which necessitate users taking live selfies that utilize biometric software to ensure their physical presence through responses like eye movements or head nods. This initiative is intended to mitigate the risk of identity fraud through static images that can be manipulated or deepfaked. Additionally, users now must provide further documentation via government-issued IDs—acceptable forms include a passport, Aadhaar card, or voter ID—as well as validation of both their email accounts and mobile numbers.
To access platform offerings, users will also need to complete a small test transaction to their bank account, ensuring a layer of verification. During registration, exchanges are obligated to log specific user details such as IP addresses, geolocation data, timestamps, and device specifications. For users deemed high-risk, KYC information must be refreshed every six months, while others are required to update annually.
Background and Security Concerns
These enhanced measures are introduced in the wake of significant security breaches that occurred at two prominent Indian cryptocurrency exchanges within the last couple of years. Notably, in early 2024, WazirX, which was the leading exchange in India at the time, experienced a serious cyber attack resulting in the theft of around $235 million in digital currencies, cumulatively leading to a court-supervised recovery approach. The following year saw CoinDCX fall prey to a hack that compromised $44 million. Although that attack was limited to an internal wallet, it heightened anxieties regarding exchange security.
Regulatory Stance on Privacy Technologies
The FIU’s updated guidance also expresses severe disapproval of privacy-enhancing technologies such as crypto mixers and tokens designed to obscure transaction histories. Moreover, the regulator is recommending that Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs) be discouraged, citing increased risks of money laundering and financing of terrorism associated with such initiatives. Consequently, all regulated entities are required to implement safeguards against transactions involving privacy coins and unregulated tokens.
Taxation and Compliance Measures
India’s stance toward cryptocurrencies has become increasingly stringent, particularly following the implementation of a flat 30% tax on capital gains from digital asset trading, along with prohibiting the offsetting of losses—a policy criticized by many within the crypto community as a barrier to the potential growth of the sector. The FIU’s enforcement of registration and compliance began in March 2023 when Virtual Digital Asset service providers were classified under the Prevention of Money Laundering Act.
In the 2024-25 timeframe, data reveals that 49 entities registered as reporting institutions, comprising 45 domestic exchanges and four significant offshore platforms, including Binance, Coinbase, and KuCoin, which returned to the market after fulfilling compliance requisites. However, skepticism remains, particularly from the Reserve Bank of India, which continues to label cryptocurrencies as high-risk assets, posing potential threats to the nation’s financial stability and macroeconomic integrity.
