In India, cryptocurrencies have gone unregulated for a very long time. While the issues relating to taxation of cryptocurrency has been relatively easier to address, the concerns arising from the anonymous and decentralised character of cryptocurrencies have been difficult to tackle. The untraceability and anonymity offered by cryptocurrencies also make it ideal for unlawful activities such as money laundering and terrorist financing.

India, in line with other countries, has updated several laws mandating reporting of virtual digital assets to account for the changing dynamics of the financial environment. Additionally, the purview of the Prevention of Money Laundering Act, 2002 ("PMLA") has been expanded to include transactions pertaining to virtual currency assets such as different exchanges, transfers, and administrative actions connected to virtual digital assets. However, due to the information being scattered, there remains a lot of ambiguity and lack of clarity on the laws applicable to cryptocurrency in India. Some of the frequently asked questions about the nature of these cryptocurrency assets and the legal regime applicable are addressed below:

What are Virtual Digital Assets (“VDAs”)?

The term virtual digital asset is defined under Section 2(47A) of the Income Tax Act, 1961, to include the following:

  • any information or code or number or token (not being Indian currency or foreign currency) which meets certain conditions;
  • non-fungible token or any other token of similar nature, by whatever name called; or
  • any other digital asset, as the government may specify by way of notification.

To simply put, VDAs include cryptocurrency as well as non-fungible tokens (“NFT”).

Are VDAs covered under the PMLA?

On 7 March 2023, the Ministry of Finance, in a notification, expanded the definition of ‘person carrying on designated business or profession' under the PMLA to include trading of cryptocurrency and VDA intermediaries (“VDASPs”) within the scope of PMLA (see Notification No S.O. 1072(E), Ministry of Finance). Accordingly, cryptocurrency exchanges and other VDA SPs have now come under the definition of ‘Reporting Entities' under the PMLA (“RE”). This means that such VDA SPs now must also comply with rules relating to anti-money laundering regulations and disclosure regime applicable to other REs. Put simply, the regime that applied to a banking companies, financial institutions, intermediaries, or persons carrying on a designated business or profession under the PMLA and the PMLA (Maintenance of Record) Rules, 2005 (“PML Rules"), are now equally applicable to cryptocurrency exchanges and other intermediaries.

What are the reporting obligations on cryptocurrency exchanges under the PML Rules?

  • Verify identity of clients: VDA SPs are obligated to identify their clients or the beneficial owner.
  • Due Diligence: VDA SPs to conduct proper due diligence of every client and examine each transaction undertaken by the client.
  • Know your Customer(KYC): Every VDA SP is mandated to submit an electronic copy of the client's KYC records with Central KYC Records Registry on commencement of an account-based relationship with a client.
  • Maintain Records of Transactions: VDA SPs will have to maintain records of all transactions in a manner that enables the statutory authorities to reconstruct individual transactions.
  • Reporting suspicious transactions: In case VDA SPs suspect any suspicious activity of money laundering or terror financing, the VDA SPs are required to take additional steps to record the purpose behind the transaction and the nature of the relationship between the transaction parties. Further, all SPs are required to, where they have reasonable grounds to suspect that funds are the proceeds of crime or are related to money laundering or terrorism financing report their suspicions promptly to Financial Intelligent Unit-India (“FIU-IND”).

What are the consequences of the breach of reporting obligations under the PML Rules?

If, during any inquiry, it is found that a reporting entity, its designated director, board member or any of its employees have failed to comply with the reporting obligations under PMLA, then, without prejudice to any other action that may be taken the PMLA, such entity or persons may be:

  • issued a warning in writing;
  • directed to comply with specific instructions;
  • directed to send reports at such interval as may be prescribed on the measures it is taking; or
  • subject to a monetary penalty on such reporting entity or its designated director on the board or any of its employees.

Has FIU-IND undertaken any recent actions against cryptocurrency exchanges?

As part of compliance action against the offshore entities, FIU-IND issued compliance Show Cause Notices to nine offshore Virtual Digital Assets Service Providers under Section 13 of the PMLA. The nine cryptocurrency exchanges served with the notices are Binance, KuCoin, Huobi, Kraken, Gate.io, Bittrex, Bitstamp, MEXC Global and Bitfinex. (see Press Information Bureau – Press Release). The URLs of the said entities are to be blocked by the Ministry of Electronics and Information Technology since such entities were operating illegally without complying with the provisions of the PMLA.

What is the FIU-IND?

The FIU-IND is the central national agency responsible for analysis and dissemination of information relating to suspect financial transactions in India. The FIU-IND, with the powers conferred under the PML Rules issued the Anti-Money Laundering and Combating the Financing of Terrorism Guidelines for Reporting Entities, 2023 (“AML & CFT Guidelines”) on 10 March 2023 for reporting entities providing services related to VDAs. The PMLA, PML Rules and the AML & CFT Guidelines, collectively, form the primary framework of law for anti-money laundering by the VDAs.

What is the scope of the AML & CFT Guidelines?

The AML & CFT Guidelines, applicable to VDAs and cryptocurrency VDA SPs, provide a summary of the anti-money laundering, counter-terrorism financing, and proliferation of financing laws in India (such as the PMLA) in the context of VDAs and sets out the steps that a VDA SP must implement to discourage and identify any money laundering, terrorist financing or proliferation financing activities.

Do VDA SPs need to be registered with the FIU-IND?

The VDA SPs operating in India, irrespective of whether they have any physical presence in India and engaged in activities like exchange between VDA and fiat currencies, transfer of VDA, safekeeping or administration of VDA or instruments enabling control over VDA etc. are required to be registered with FIU-IND as a ‘Reporting Entity' and comply with the obligations as mandated under the PMLA (see Registration of Virtual Digital Asset Service Providers in FIU India as Reporting Entity).

Does the present regime extend to VDA SPs incorporated outside India?

Yes, VDA SPs operating in India (both offshore and onshore) and engaged in exchange/transfer/administrative of VDAs must register with FIU-IND as a ‘Reporting Entity' and comply with obligations under the PMLA. The requirement is activity-based and does not require physical presence in India.

The content of this document do not necessarily reflect the views/position of Khaitan & Co but remain solely those of the author(s). For any further queries or follow up please contact Khaitan & Co at legalalerts@khaitanco.com