As regulators worldwide tighten oversight of digital-asset markets, India has introduced a notable upgrade to onboarding and compliance standards for crypto platforms. The FIU-IND’s updated guidance signals a shift toward deeper identity verification and stronger audit trails—moves that are likely to reshape how users open accounts and how exchanges monitor activity. The changes are being framed as a response to evolving fraud tactics and higher expectations around traceability.
Live Selfie and Location: What the New KYC Requires
Opening a crypto account in India is set to become more data-driven and harder to bypass. Under the updated approach, exchanges are expected to go beyond basic document uploads and adopt checks designed to prove a real person is present during verification. In practice, this means the KYC process may include:
-
Live selfie (liveness) verification and face matching
-
Geo-tagging (recording latitude/longitude)
-
Capturing IP address and session timestamps
-
Submitting PAN along with an additional identity document
-
Bank-account validation via “penny-drop” (a small test transfer)
-
OTP verification for phone number and email
The direction of travel is clear: higher friction at onboarding, but greater ability for platforms to link accounts to real individuals and track suspicious patterns.
Why FIU-IND Is Pushing Harder Controls?
The updated KYC model is widely seen as an effort to reduce identity abuse and improve the integrity of crypto rails. Regulators have increasingly flagged risks such as:
-
Accounts created using stolen IDs
-
Onboarding fraud using static images or manipulated visuals
-
Attempts to keep crypto flows opaque through layered transfers
By requiring stronger identity proof and more granular logs, the FIU-IND framework aims to make it harder for bad actors to exploit exchanges—and easier for compliance teams to investigate anomalies and file reports when necessary.
Who Faces More Frequent Reviews?
The guidance also emphasizes a risk-based compliance model. Rather than treating all users the same, exchanges are expected to classify customers by risk level and apply tighter controls where needed.
Higher-risk customers may be subject to more frequent KYC refreshes, while lower-risk users may face standard periodic checks. Enhanced Due Diligence (EDD) is typically expected for categories such as:
-
Politically Exposed Persons (PEPs)
-
Connections to high-risk jurisdictions (e.g., FATF-listed contexts)
-
Structures or behaviors associated with elevated financial-crime risk
-
Certain organizational or third-party-linked activity that warrants extra scrutiny
The key takeaway: KYC does not end at sign-up—monitoring and re-checks become part of the ongoing account lifecycle.
A Clear Warning on Mixers and Anonymity Tools
India’s updated approach also reflects a tougher stance on tools designed to reduce traceability. Services commonly described as mixers or tumblers—which can obscure transaction trails—are treated as higher-risk indicators within compliance programs.
Exchanges are expected to flag and scrutinize activity linked to anonymity-enhancing methods and apply additional controls where appropriate. The broader message is that platforms should discourage practices that undermine transparency and raise money-laundering concerns.
Tax Pressure and the Offshore Shift Debate
Alongside compliance tightening, India’s crypto market has been shaped by ongoing debate around taxation. The country applies a 30% tax on crypto gains, and a 1% TDS (tax deducted at source) on many transactions. Industry analyses have argued that these policies contributed to a migration of trading activity toward offshore platforms, potentially weakening domestic liquidity.
Whether stricter KYC and heavier reporting expectations will reverse that trend is still unclear. But taken together, tax policy and compliance pressure point to an environment where access may become more controlled—and where exchanges will be expected to maintain stronger records and oversight.
