How are cryptocurrency exchanges in India vetting customers? | Explained

The story so far: On January 8, regulator Financial Intelligence Unit of India (FIU-IND) updated the existing ‘AML and CFT Guidelines for Reporting Entities Providing Services Related to Virtual Digital Assets’. These guidelines apply to organizations that include cryptocurrency exchanges and establish rules governing how companies that facilitate crypto trading must vet their customers.

What do the updated guidelines say?

To comply with Indian law, organizations such as cryptocurrency exchanges will need to conduct due diligence and obtain verified customer information, including personal identification numbers and contact information. This is called KYC or Know Your Customer/Customer. In addition, exchanges will have to collect the occupation and income range of their customers, a “liveliness detection” selfie, and the latitude and longitude coordinates of the participating location along with the date, timestamp, and IP address. Moreover, the client’s bank account will need to be verified through the penny drop method, where a small amount is traded to ensure that the account belongs to the specified person and is operational.

Exchanges will also need to identify high-risk transactions and customers to implement enhanced measures. In this context, high-risk customers will need to undergo a KYC update at least every six months, while other customers will need to undergo this update at least once a year.

The guidelines also “strongly discouraged” activities related to Initial Coin Offering (ICO) and Initial Token Offering (ITO), in addition to urging other service providers dealing in virtual digital assets to register with FIU-IND as reporting entities.

Finally, the regulator banned exchanges from facilitating transactions involving crypto tokens, which increases anonymity, as well as “scramblers” that make it difficult to track the movement of crypto tokens and assets.

Do all cryptocurrency exchanges follow KYC procedures?

Centralized exchanges that support cryptocurrency trading have been carrying out KYC procedures for years to ensure legitimate customers use their services for legitimate purposes. KYC also makes it easier to deter criminal activity, freeze offending accounts or track fraudulent transactions.

It comes amid persistent concerns that fiat currencies such as the rupee could be converted into harder-to-track crypto assets to avoid regulatory reporting requirements. AML or Anti-Money Laundering laws are in place to prevent this. Regulators also fear that cryptocurrencies could be used to financially support terrorist groups, leading to Countering the Financing of Terrorism (CFT) regulations that institutions must comply with.

For example, Binance, one of the world’s largest crypto exchanges, reached a settlement with US regulators in 2023 over violations that included failure to “implement programs to prevent and report suspicious transactions” with terrorists, ransomware attackers, money launderers, child abusers, criminals and sanctioned users.

Meanwhile, blockchain analysis platform Chainaliz reported that this year Lebanese Hezbollah, Hamas and the Houthis are using cryptocurrencies at “unprecedented levels” despite various military setbacks.

Naturally, Indian regulators are keen to prevent crypto exchanges within the country from being used to facilitate similar illegal transactions.

However, not all crypto exchanges follow strict KYC procedures. For example, many decentralized exchanges called DEXs offer a completely anonymous and unregulated trading experience with far fewer controls and protections. Make no mistake; There are many non-criminal reasons for using a DEX, such as maintaining privacy, avoiding government repression, or simply wanting to maintain control of one’s crypto assets rather than entrusting them to a centralized exchange. But DEXs are also attractive options for money launderers, fraudsters, hackers and those financing terrorism.

To effectively address these threats, Indian regulators will need to go far beyond issuing guidance.

How are crypto exchanges vetting Indian customers?

WazirX founder Nischal Shetty stated that leading Indian exchanges already follow global best practices and bank-level compliance standards and the Financial Intelligence Unit’s new rules formalize existing rules. Some of WazirX’s own KYC processes include basic ID, selfie check and bank verification requirements under Financial Intelligence Unit/PMLA norms.

WazirX, whose multi-signature wallet was attacked in July 2024 and suffered an asset loss of approximately $ 230 million, restarted its operations last year after its restructuring in Singapore.

“The updated guidelines also emphasize liveness detection for new users and geotagging to ensure authentication details match user location (exceptions apply under different circumstances), which is already available in our user onboarding process. We also have an instant verification process enabled with DigiLocker where a new user securely shares their KYC documents (Aadhaar and PAN) with WazirX,” said Mr. Shetty. Hindu.

Another popular exchange, CoinDCX, has implemented KYC processes that include personal identity checks, face match and liveness checks, geo-verification and bank account verification.

In July 2025, CoinDCX also suffered a security breach that cost approximately $44 million, but customer assets were not affected.

Meanwhile, ZebPay COO Raj Karkara praised the newly developed AML and KYC protocols for crypto exchanges and highlighted their role in supporting wider adoption of crypto in India.

“Measures such as liveness detection and geotagging during the onboarding process help strengthen user verification, increase transparency and provide greater accountability across platforms, aligning the industry with evolving global compliance expectations,” he said.

Additionally, ZebPay and CoinDCX have been collecting users’ photos as part of the KYC process for at least more than a year, according to their websites. Periodic KYC re-verification was a routine process on multiple crypto exchanges even before the rules were updated. Many Indian exchanges also offered KYC through Digi-Locker.

Fundamentally, FIU-IND’s updated guidelines do not bring fundamental changes to the existing KYC framework for crypto exchanges.

What is the legal status of cryptocurrency in India?

Both investors and business leaders in India have called for greater regulatory clarity regarding cryptocurrencies. Many traders continue to hope that their concerns will be addressed at the parliamentary level or addressed in the annual budget. But past government debates have only reiterated basic arguments about legality and security. These measures fall far short of more advanced crypto legislation drafted in the US, Europe and East Asia to encourage fintech entrepreneurship, increase exchange registrations and regulate stablecoin issuance.

While virtual digital assets like cryptocurrencies in India see capital gains taxed at 30% and the TDS rate is 1%, Indian investors have virtually no reliable safety net in case they get scammed, hacked, or subjected to unfair terms by private players.

Many crypto investors consciously trade through Indian exchanges to comply with Indian laws and tax requirements but face an uncertain and discouraging regulatory environment.

It was published – 15 January 2026 08:00 IST