The Ministry of Finance, Department of Finance, on March 7, 2023, issued a notification ("Notification") under Section 2 (1) (sa) (vi) of the Prevention of Money Laundering Act, 2002 ("PMLA") which defines the term "person carrying on designated business or profession". The Ministry of Finance, through the Notification, has included the following activities/transactions concerning virtual digital assets ("VDA") under the definition of "person carrying on designated business or profession" and thus bringing VDAs under the ambit of PMLA.

  1. exchange between VDA and fiat currencies;
  2. exchange between one or more forms of VDA;
  3. transfer of VDA;
  4. safekeeping or administration of VDA or instruments enabling control over VDA; and
  5. participation in and provision of financial services related to an issuer's offer and sale of a virtual digital.

Pursuant to the Notification, any entity facilitating or undertaking the abovementioned activities/transactions, i.e., a VDA service provider ("VDASP"), will now be categorized as a "reporting entity" as per Section 2(1) (wa) of PMLA. As a reporting entity, VDASPs are required to comply with additional compliances under Chapter IV of the PMLA and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 ("PML Rules"). These requirements are primarily in relation to undertaking KYC of the clients and beneficial owners, undertaking ongoing due diligence on the transactions facilitated by VDASPs in relation to VDAs, and maintaining transaction related records.

  1. Verifying the identity of the client. VDASPs will have to identify and verify their clients and also check whether they are acting on behalf of a beneficial owner. If the client acts on behalf of a beneficial owner, then the beneficial owner's identity must also be verified. Further, the identification of the client and the beneficial owner needs to be done at the time of commencement of an account based relationship and for transactions of an amount equal to or exceeding INR 50,000 (Indian Rupees fifty thousand) or any international transaction.
  2. KYC Reporting. VDASPs will have to register with the Central Registry of Securitization Asset Reconstruction and Security Interest of India and file the electronic copy of the client's KYC records with the Central KYC Records Registry, within 10 (ten) days after the commencement of an account based relationship with a client.
  3. Ongoing due diligence. VDASPs will have to undertake ongoing due diligence with respect to the business relationship with every client (including existing clients) and examine the transactions undertaken by the client. If the VDSAPs suspect money laundering or financing of terrorist activities relating to terrorism or where it suspects the veracity of previously obtained client identification data, the VDSAP must review the due diligence measures, including verifying the identity of the client and obtaining information on the purpose and intended nature of the business relationship. The VDSAPs are also required to formulate and implement a client due diligence program, incorporating the requirements under the PML Rules. The client due diligence program should include policies, controls, and procedures approved by the senior management of the reporting entity.
  4. Appointment of principal officer and reporting to Financial Intelligence Unit - India ("FIU-IND"). Every VDSAP being a reporting entity, will have to appoint a principal officer and designate a director to ensure overall compliance with PMLA and the PML Rules. VDSAPs must inform the name, designation, and address of the principal officer and designated director to the FIU-IND.
  5. Maintaining records. VDSAPs will have to maintain records of (a) all transactions (whether attempted or executed) in a manner that enables the statutory authorities to reconstruct individual transactions, and (b) all its clients and beneficial owners as well as account files and business correspondence relating to its client. Further, VDASPs will also have to maintain physical copies of the records of the identity of its clients after filing the electronic copy of such records with the Central KYC Records Registry.
  6. Penalty. In case of non-compliance by a reporting entity under the PMLA, the director of the FIU-IND may issue a show-cause notice to a reporting entity on account of failure to comply with the requirement of Chapter - IV of the PMLA. Upon adjudication, the director of FIU-IND may pass an order imposing a monetary penalty which shall not be less than INR 10,000 (Indian Rupees ten thousand) but may extend to INR 1,00,000 (Indian Rupees one lakh) for each failure.

The compliances, as notified under the PMLA for VDSAPs are in addition to the KYC requirements under the directions issued by Computer Emergency Response Team - India on April 28, 2022. Bringing VDSAPs under the ambit of PMLA is a progressive move, as it reflects that government does not intend to ban VDAs in India. Instead, it intends to regulate and curb its misuse.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.