April 11, 2024

Guide to FATF Travel Rule Compliance in India

Guide to FATF Travel Rule Compliance in India
  • India amended its anti-money laundering law to include cryptocurrencies, requiring KYC checks and reporting of transactions.
  • The FATF Travel Rule has been effective in India since 2023. 
  • It mandates crypto exchanges in India to collect and report detailed sender and receiver information to combat money laundering and terrorist financing.

As India continues to gain prominence in the crypto market, the government has been providing clarity on various related issues, including the application of anti-money laundering (AML) and FATF Travel Rule for crypto transactions.

To bring crypto under the ambit of the Act and reign in Virtual Digital Assets Service Providers (VDASPs), the Indian government amended the PMLA 2002 (Prevention of Money Laundering Act).

Key Features

Per the guidelines, a designated service provider in India must have policies and procedures. India’s Ministry of Finance considers those involved in the following activities to be ‘reporting entities’:

- Transfer of crypto
- Exchange between fiat currencies and crypt
- Exchange between one or more types of crypto
- Participation in financial services related to an issuer’s offer and sale of crypto
- Safekeeping or administration of crypto or instruments enabling control over crypto

These VDSPA entities need to ensure compliance with the following:

- The reporting entities must register with the Financial Intelligence Unit and provide transaction details to the agency within the stipulated period.

- Crypto exchanges must verify the identities of their customers and beneficial owners, if any.

- Platforms have to perform ongoing due diligence on every client. In the case of certain specified transactions, VDASPs have to perform enhanced due diligence (EDD) on their clients.

- In addition to identifying the customers, exchanges have to maintain records of updated client identification and transactions for up to five years after the business relationship between the two has ended or the account has been closed.

- VDASPs are also required to appoint a principal officer and a director who will be responsible for ensuring that the entity complies with rules. Their details, which include name, phone number, email ID, address, and designation, must be submitted to the Financial Intelligence Unit - India (FIU-IND).

Meanwhile, FIU’s guidelines further require VDASPs to conduct counterparty due diligence and have adequate employee screening procedures. These entities must also provide instruction manuals for onboarding, transaction processing, KYC, due diligence, transaction review, sanctions screening (which must be done when onboarding and transferring crypto), and record keeping.

Compliance Requirements

In line with global efforts to regulate crypto assets, the Indian government has introduced AML guidelines similar to those already followed by banks.

Per the guidelines, a designated service provider in India must have policies and procedures to combat money laundering and terrorist financing. This includes verifying customer identity, for which VDASPs must obtain and hold certain information that must be made available to appropriate authorities on request. Moreover, this applies regardless of whether the value of the crypto transfer is denominated in fiat or another crypto.

For the originating (sender) VDASP, the following information must be acquired and held:

- Originator’s full verified name.
- The Permanent Account Number (PAN) of the sending person.
- Originator’s wallet addresses used to process the transaction.
- Originator’s date and place of birth or their verified physical address.
- Beneficiary’s (receiver) name and wallet address.

For the beneficiary (receiver) VDASP, the following information must be acquired and held:

- Beneficiary’s verified name.
- Beneficiary’s wallet address used to process the transaction.
- Originator’s name
- Originator’s National Identity Number or Permanent Account Number (PAN).
- Originator’s wallet addresses and physical address or date and place of birth.

When it comes to reporting obligations, the entity must report any suspicious transactions within a week of identification. Reporting entities are further prohibited from disclosing or “tipping off” that a Suspicious Transactions Report (STR) is provided to the FIU-IND.

However, the minimum threshold for Travel Rule compliance is unclear, as the Indian government hasn’t mentioned it in the circular. However, a few Indian exchanges are requesting Travel Rule data for compliance even when the transaction amount is less than $1000.

Unfortunately, instead of adopting a fully automated, privacy-oriented, frictionless Travel Rule solution like Veriscope, a few exchanges in India depend on manual methods to collect personally identifiable information from users (i.e., Google forms, emails, etc).

When it comes to unhosted or non-custodial wallets, the FIU classifies any crypto transfers made to and from them as “high risk” as they may not be hosted on an obligated entity such as an exchange. As per the guidelines, P2P transfers also fall into this category, given that one of the wallets is not hosted.

Hence, when crypto transfers are made between two wallets where at least one of them is a hosted wallet, the compliance responsibility falls on the entity where the wallet is hosted.

“Additional limitations or controls may be put in place on such transfers with unhosted wallets,” according to FIU - IND. 

Concluding Thoughts

The implementation of the Crypto Travel Rule shows that India is gradually regulating the crypto sector and bringing businesses dealing with crypto under the same AML requirements as registered financial institutions like banks.

While it may lead to some short-term challenges, India’s crypto businesses believe this is expected to create a more trustworthy environment in the long run.


About Veriscope

‍Veriscope, the compliance infrastructure on Shyft Network, empowers Virtual Asset Service Providers (VASPs) with the only frictionless solution for complying with the FATF Travel Rule. Enhanced by User Signing, it enables VASPs to directly request cryptographic proof from users’ non-custodial wallets, streamlining the compliance process.For more information, visit our website and contact our team for a discussion. To keep up-to-date on all things crypto regulations, sign up for our newsletter and follow us on X (Formerly Twitter), LinkedIn, Telegram, and Medium.