CHANDIGARH, Jan 11 – Crypto enthusiasts across the region must now share their exact coordinates and prove their “live” presence to open accounts, as India’s Financial Intelligence Unit (FIU) rolls out a stringent new security framework.
The updated guidelines, issued on January 8, classify cryptocurrency exchanges as Virtual Digital Asset (VDA) service providers. Under these rules, the era of simple document uploads is over. Exchanges are now required to record a user’s exact latitude and longitude, IP address, and a timestamp the moment an account creation process begins.
To combat the rise of deepfakes and static photo fraud, the FIU has mandated “liveness detection.” Users are now required to take a live selfie through software that monitors eye-blinking or head movements to verify they are physically present.
“The authenticity of such access and personal presence shall be established by capturing a live photograph of the client and employing liveliness detection technology to verify the client’s physical presence,” the guidelines state.
The regulator is also moving to verify financial links more strictly through the “penny-drop” method. This involves the exchange sending a nominal Re 1 transaction to the user’s bank account to ensure the details match the registrant. This is paired with a dual-ID requirement, where users must provide a secondary document—such as an Aadhaar, Passport, or Voter ID—in addition to their PAN card.
For those already in the system, the scrutiny remains high. The FIU has ordered exchanges to update KYC details for “high-risk” clients every six months, while others will face an annual review. The government is particularly wary of tools designed to hide the paper trail of digital wealth.
Regarding high-risk activities like Initial Coin Offerings (ICOs), the guidelines note that these “present heightened and complex money laundering and terror financing risks as they lack justified economic rationale.” Consequently, the use of “mixers” or “tumblers”—tools used to obfuscate transaction origins—is strictly prohibited under the new mandate.
