KYC for Crypto India is now a core compliance requirement for Virtual Digital Asset (VDA) platforms operating under PMLA and FIU-IND regulations. Indian crypto exchanges and VDA service providers must implement customer verification, AML monitoring, suspicious transaction reporting, and FATF Travel Rule controls. This guide explains the compliance requirements, implementation challenges, and best practices for building a FATF-compliant crypto KYC programme in 2026.
Table of Contents
- VDA Service Providers Under PMLA: Who Is Covered and What Is Required
- FIU-IND Registration: The First Compliance Step
- KYC Requirements for Crypto Platforms in India
- The FATF Travel Rule: What Indian VASPs Must Implement
- AML Transaction Monitoring for Crypto: Blockchain Analytics
- FATF Greylisting and Its Impact on Indian Crypto Compliance
- Key Takeaways
- Frequently Asked Questions
- Conclusion
VDA Service Providers Under PMLA: Who Is Covered and What Is Required
The Prevention of Money Laundering Act was amended in March 2023 to include Virtual Digital Asset Service Providers (VDASPs) β entities that conduct exchange between VDAs and fiat currencies, exchange between VDAs, transfer of VDAs, safekeeping or administration of VDAs, and participation in financial services related to issuance of VDAs.
This definition covers centralised cryptocurrency exchanges, crypto wallet providers (custodial wallets), VDA-to-VDA swap platforms, and crypto lending and staking platforms that involve the transfer of VDAs. Decentralised exchanges operating without any Indian legal entity or operational presence in India are in a regulatory grey zone, but any platform with Indian users that has an Indian entity or maintains Indian operations is likely covered.
For covered VDASPs, the PMLA obligations are identical to those applying to other Reporting Entities: customer identification and verification, beneficial owner identification for corporate customers, transaction monitoring, Cash Transaction Reporting, and Suspicious Transaction Reporting. The customer due diligence standards are the same; what differs is the nature of the transactions being monitored (blockchain transactions rather than traditional financial transactions) and the typologies relevant to the asset class.
FIU-IND Registration: The First Compliance Step
Every VDASP must register with FIU-IND before commencing operations. Registration is done through FIU-IND’s reporting entity registration portal and requires the entity to provide: its legal identity, the nature of VDA activities conducted, the Principal Officer designated for PMLA compliance, and evidence that AML/CFT policies and procedures are in place.
Registration is not a one-time event. Registered VDASPs must maintain their compliance programme β updating policies as regulations change, maintaining the designated Principal Officer, and submitting reports (CTRs and STRs) through the FINnet portal. Operating as a VDASP in India without FIU-IND registration is a PMLA offence. FIU-IND has taken action against unregistered platforms and has the authority to require offshore exchanges to block access for Indian users if they do not comply.
The practical first step for any new VDA platform targeting Indian users is to assess whether the platform’s activities meet the VDASP definition β they almost certainly do for any centralised exchange β and to initiate the FIU-IND registration process, which includes establishing the AML/CFT policies that must be in place before registration is granted.
KYC Requirements for Crypto Platforms in India
KYC requirements for VDA platforms in India follow the same framework as other Reporting Entities under PMLA and the RBI KYC Master Directions: identity verification using Officially Valid Documents (or Aadhaar eKYC), PAN verification (mandatory for transactions above prescribed thresholds), address verification, and β for higher-risk customers β Enhanced Due Diligence including source of funds verification.
For individual users, the standard KYC stack covers: PAN verification, Aadhaar-based identity verification (where consent is provided), face match with liveness, and address verification. For corporate accounts β entities using the exchange for treasury or investment purposes β KYB is required: company identity verification (CIN, GSTIN), director and beneficial owner identification, and appropriate EDD for high-risk entities.
The specific challenge for VDA platform KYC is the global user base that most exchanges attract. A platform registered in India but serving non-resident Indians or foreign nationals must implement KYC appropriate to the jurisdiction of the customer, which may require international identity verification capabilities beyond the Indian government database ecosystem.
The FATF Travel Rule: What Indian VASPs Must Implement
FATF Recommendation 16 β the Travel Rule β requires Virtual Asset Service Providers to comply with logic about the originator and beneficiary of every VDA transfer above a defined threshold (USD 1,000 or equivalent). For Indian VDASPs, the threshold is set at βΉ50,000 or equivalent.
For a transfer between two VDASPs β for example, a customer withdrawing crypto from an Indian exchange to a wallet on another exchange β both the sending and receiving VASP must exchange originator and beneficiary information (name, account/wallet identifier, and physical address or national identity number). This requires a secure, standardised communication channel between VDASPs β the functional equivalent of the correspondent banking messaging infrastructure, but for blockchain-based transfers.
The Travel Rule implementation for VDASPs is technically challenging: unlike traditional financial transfers, blockchain transactions do not natively carry the identity metadata that the Travel Rule requires. Several technical solutions have emerged globally (the InterVASP Messaging Standard, TRP, OpenVASP), but implementation is incomplete and inconsistent. For Indian VDASPs, the practical approach is to implement Travel Rule compliance for transfers to and from other registered and compliant VDASPs, and to apply enhanced scrutiny to transfers involving unhosted wallets (private wallets not associated with a registered VASP).
AML Transaction Monitoring for Crypto: Blockchain Analytics
AML transaction monitoring for VDA platforms requires tools that extend beyond traditional financial transaction monitoring β because blockchain transactions are public and traceable in ways that traditional transactions are not, creating both an opportunity and a requirement for blockchain analytics.
Blockchain analytics tools (provided by companies such as Chainalysis, Elliptic, and TRM Labs) map the blockchain transaction graph, associating wallet addresses with known entities: exchange deposits, sanctioned addresses, darknet markets, mixer services, and ransomware wallets. They provide a risk score for incoming and outgoing transactions based on the association of counterparty wallets with high-risk activities.
For Indian VDASPs, blockchain analytics is a monitoring requirement, not just a risk management option. Under PMLA, suspicious transactions must be identified and reported, and a transaction originating from a wallet associated with ransomware proceeds or a sanctioned entity is by definition suspicious, regardless of the narrative the customer provides. Monitoring only the traditional financial leg of a VDA transaction (the fiat deposit) without monitoring the blockchain leg leaves a significant detection gap.
FATF Greylisting and Its Impact on Indian Crypto Compliance
India was placed on the FATF grey list (under enhanced monitoring) in 2010 and subsequently removed following remediation of its AML/CFT framework β a process that included significant legislative and operational strengthening of the AML regime. The inclusion of VDASPs under PMLA was part of India’s ongoing effort to maintain FATF standards as the VDA sector grew.
For Indian crypto platforms, FATF compliance is not only a domestic regulatory obligation β it is a prerequisite for maintaining correspondent relationships with international financial institutions and for accessing the global VDA ecosystem. An Indian VASP that is not FATF-compliant β that does not conduct adequate KYC, maintain transaction records, or implement the Travel Rule β faces restrictions from global exchanges and banking partners who are themselves subject to FATF-aligned regulation.
The FATF Mutual Evaluation framework will assess India’s VASP compliance programme in its next evaluation cycle. The regulatory infrastructure is in place; what the evaluation will examine is implementation quality β how thoroughly VDASPs are actually conducting KYC, monitoring transactions, and filing reports. Indian platforms that have invested in robust compliance programmes will be better positioned for this scrutiny and for international partnerships.
Building a Crypto Compliance Team: Skills and Structure
The compliance function at a VDA platform requires a different skill set from a conventional fintech compliance team. The combination of traditional financial regulation knowledge (PMLA, KYC Master Directions, FIU-IND reporting) with blockchain-specific knowledge (transaction graph analysis, VASP Travel Rule implementation, blockchain analytics tool interpretation) is not common in the Indian market β creating a talent gap that most VDA platforms are navigating through training and specialist hiring.
The core compliance team structure for a growth-stage Indian VDA platform typically includes: a Principal Officer (mandatory under PMLA, responsible for STR filing decisions and FIU-IND correspondence); a KYC Operations Lead (responsible for the day-to-day operation of the customer onboarding verification workflow, including escalation handling and manual review); a Blockchain Analytics Analyst (responsible for interpreting alerts from the blockchain analytics platform, investigating flagged wallet addresses, and building the transaction network maps required for complex STR narratives); and a Regulatory Affairs function (monitoring regulatory developments from the RBI, FIU-IND, FATF, and SEBI that affect the VDA sector, and translating them into operational policy updates).
For smaller platforms that cannot yet sustain this full team, the Principal Officer role must be filled first β it is a legal requirement and the most consequential compliance role. Blockchain analytics can be provided as a managed service by vendors who supply both the tool and the interpretation support. The KYC operations and regulatory functions can initially be combined into a single senior hire with appropriate experience in both financial compliance and the VDA sector.
Investing in compliance talent is not an alternative to investing in compliance technology β both are required. The technology processes the data; the compliance team interprets it, makes judgement calls, and takes the regulatory accountability that technology cannot.
Key Takeaways
- VDA Service Providers in India must be registered with FIU-IND under PMLA β operating without registration is a PMLA offence, and FIU-IND can direct access restrictions against non-compliant platforms.
- KYC requirements for crypto platforms follow the same PMLA/RBI framework as other REs β PAN verification, Aadhaar eKYC, face match with liveness, and EDD for high-risk customers.
- The FATF Travel Rule requires VDASPs to exchange originator and beneficiary information for transfers above βΉ50,000 β implementation requires standardised VASP-to-VASP messaging protocols.
- Blockchain analytics is a monitoring requirement for VDA platforms β transactions from sanctioned wallets or high-risk addresses are by definition suspicious under PMLA.
- FATF compliance is both a domestic regulatory obligation and a prerequisite for international correspondent banking and VASP relationships.
Frequently Asked Questions
Q: Are crypto exchanges in India required to register with FIU-IND?
Yes. Following the March 2023 amendment to PMLA, all Virtual Digital Asset Service Providers conducting exchange, transfer, or safekeeping of VDAs for Indian users must register with FIU-IND. Operating without registration is a PMLA offence. Registered VDASPs must implement full PMLA compliance including KYC, transaction monitoring, and suspicious transaction reporting.
Q: What is the FATF Travel Rule and does it apply to Indian crypto platforms?
The FATF Travel Rule (Recommendation 16) requires VASPs to collect and transmit originator and beneficiary information for VDA transfers above USD 1,000 (βΉ50,000 for Indian platforms). It applies to registered Indian VDASPs for transfers between VASP-held wallets. Implementation requires VASP-to-VASP messaging protocols that carry the required identity information alongside the blockchain transaction.
Q: What KYC is required for a crypto exchange user in India?
Individual users: PAN verification (mandatory for transactions above prescribed thresholds), Aadhaar-based identity verification (or equivalent OVD), address verification, and face match with liveness detection. Corporate accounts: CIN verification, GSTIN verification, director and beneficial owner identification, and Enhanced Due Diligence for high-risk entities. Higher-risk users require source of funds documentation.
Conclusion
The compliance framework for VDA platforms in India is now as demanding as that for any other financial services Reporting Entity. The organisations that have invested in building proper KYC and AML infrastructure β not the minimum required to pass FIU-IND registration, but the depth required for sustainable, scalable compliance β are better positioned for regulatory scrutiny, international partnerships, and the reputational trust that is increasingly a competitive differentiator in the VDA sector.
