India mandates geolocation and selfies for crypto customer KYC

TL;DR

India's Financial Intelligence Unit has issued new rules forcing crypto service providers that serve Indian residents to register and carry out enhanced customer checks. Firms must collect identity and financial details plus geolocation, IP and a selfie for new customers, and monitor and report suspicious transactions.

What happened

Regulators in India updated guidance for cryptocurrency service providers, requiring anyone serving Indian residents — including operators based outside India — to register and disclose management and ownership details. The Financial Intelligence Unit’s revised guidance sets stricter customer due diligence for new accounts: identity documents, bank account information, occupation and an income range. Providers must also capture the onboarding location’s latitude/longitude with a date‑time stamp and the customer’s IP address, and obtain a selfie to confirm the person is alive. Firms are expected to periodically re‑review their client lists and maintain continuous transaction monitoring across fiat and virtual asset flows. Suspicious activity must be reported promptly with comprehensive information about the parties involved when there are reasonable grounds to suspect proceeds of crime, terror financing or proliferation financing. The regulator framed the measures as a response to the fast, often opaque nature of virtual asset transfers and their potential misuse by illicit actors.

Why it matters

• Expands compliance duties for crypto firms, including those operating offshore but serving Indians.
• Collecting location coordinates, IP data and liveness selfies raises data‑protection and privacy concerns.
• Tightened monitoring and prompt reporting aim to curb money laundering, terrorism financing and other illicit uses.
• Could shift operational costs and onboarding friction for exchanges and wallet providers serving the Indian market.

Key facts

• The Financial Intelligence Unit of India (FIU‑IND) posted updated guidelines for crypto service providers.
• Requirements apply to entities that serve Indian residents, even if those entities are based outside India.
• Registered entities must name certain officers, provide place of business and disclose significant business ownership.
• Enhanced customer due diligence for new users must collect identity documents, bank account details, occupation and income range.
• Onboarding must capture latitude/longitude coordinates with date and timestamp, along with the user’s IP address.
• Providers must obtain a selfie to establish liveness of new customers and periodically review their client base.
• Continuous transaction monitoring is required for fiat‑to‑fiat, virtual‑to‑virtual, fiat‑to‑virtual and virtual‑to‑fiat flows.
• Firms must file suspicious transaction reports when there are reasonable grounds to believe transactions involve proceeds of crime or financing of terrorism, supplying as much party information as possible.
• The regulator justified the measures by citing the anonymity and speed of virtual digital asset transactions and their misuse potential.

What to watch next

• Whether offshore crypto platforms will comply with India’s registration and data‑collection demands — not confirmed in the source
• Potential legal or regulatory challenges over privacy and cross‑border enforcement of the rules — not confirmed in the source
• How exchanges and wallet providers will adapt onboarding UX and data‑security practices to capture geolocation and liveness checks — not confirmed in the source

Quick glossary

• FIU‑IND: India’s Financial Intelligence Unit, the agency that issues guidance and collects reports on suspicious financial transactions.
• KYC / Customer due diligence: Procedures used by financial and crypto service providers to verify customer identity and assess risk before and during a business relationship.
• Virtual digital asset (VDA): A digital representation of value used as a medium of exchange, including cryptocurrencies and tokenised assets.
• Geolocation: Data pinpointing a user’s physical location, commonly captured via latitude and longitude coordinates.
• Transaction monitoring: Ongoing surveillance of financial movements to detect patterns indicative of fraud, money laundering or other illicit activity.

Reader FAQ

Do these rules apply to crypto firms based outside India?
Yes. The guidance says requirements apply to any crypto player that serves Indian residents, including operations outside India.

Are selfies mandatory for customers?
The revised guidance requires providers to secure a selfie for new customers to demonstrate liveness.

Will the government demand smartphone source code from manufacturers?
The source notes the government denies plans to require smartphone source code.

When do these rules take effect and what penalties apply for noncompliance?
not confirmed in the source

PUBLIC SECTOR India demands crypto outfits geolocate customers, get a selfie to prove they’re real Government is fed up with bad actors using digi-cash to fund dodgy deeds Simon Sharwood…

Sources

• India demands crypto outfits geolocate customers, get a selfie to prove they’re real
• Selfie, 'penny-drop' mandated as KYC for crypto customers …
• Explained: Why crypto users in India must now submit live …
• India Tightens Crypto KYC Rules With Live ID and Location …

Related posts

• Hochul Proposes Law to Allow Limited Self-Driving Car Pilots in New York
• Minnesota and Twin Cities Sue Federal Government to Halt ICE Agent Surge
• FBI Agent’s Sworn Testimony Contradicts ICE Agent Jonathan Ross’s Account