Crypto AML in India: FIU-IND Rules, PMLA & Compliance for Exchanges
Crypto AML in India is a hard legal duty today. A Ministry of Finance notification dated March 7, 2023 placed virtual digital asset (VDA) businesses under the Prevention of Money Laundering Act as reporting entities, and that single designation handed every crypto exchange serving Indian users the anti-money laundering load a bank carries. Registration with the Financial Intelligence Unit comes first. Customer verification, transaction surveillance, and the reporting of anything suspicious follow close behind. Trading crypto stays legal across the country. Running a platform that skips these controls does not.
What "Crypto AML in India" Actually Requires
Reporting-entity status under the PMLA reaches further than most operators assume. Exchanging crypto for rupees triggers it. So does swapping one token for another, moving VDAs between parties, holding them in custody, or selling financial services attached to a VDA offering. Four concrete duties follow. Registration with FIU-IND is the entry ticket, after which customer due diligence applies to everyone who signs up, transaction activity has to be monitored and recorded for the statutory period, and Suspicious Transaction Reports must reach the unit whenever a pattern looks wrong. Travel Rule obligations sit on top of the reporting layer. None of it is optional. Banks have answered to this same bar for years.
Coverage is deliberately wide. Domestic exchanges and offshore platforms that serve Indian users carry an identical load under the statute, and the obligations attach from the very moment those customers come through the door rather than at some later licensing stage.
Who Regulates Crypto in India
No single regulator owns crypto in India. Three bodies divide the work, and a fourth exists only on paper. FIU-IND matters most for anti-money laundering purposes, since it supervises VDA reporting entities and collects their suspicious-transaction filings. Banking and monetary questions belong to the Reserve Bank of India, historically the sharpest crypto skeptic of the lot. Tax enforcement runs through the Central Board of Direct Taxes. Commentators still invoke a "Digital Currency Board of India," yet that body appears nowhere outside the never-passed 2021 crypto bill, so treating it as a live regulator misreads the statute outright. SEBI stays advisory for now. Should crypto assets ever be classified as securities, its remit would widen quickly.
Which agency owns what is the difference between a clean compliance posture and a missed statutory deadline, so the mapping deserves precision rather than a vague sense of who is in charge. FIU-IND answers for AML reporting. Tax answers to the CBDT. Conflating the two is how a firm misses a filing.
How the AML Framework Came to Be
India circled this question for the better part of a decade. A 2013 RBI advisory first flagged Bitcoin's risks to the public, and by 2018 the central bank had ordered banks to sever ties with crypto firms altogether, a directive that froze the sector until the Supreme Court struck it down in March 2020. Legal access reopened. Everything then shifted with the 2023 PMLA notification, which finally gave the state a genuine grip on the industry through a supervised regime anchored in know-your-customer and reporting duties rather than an outright ban. Travel Rule obligations landed in the same window, drawing Indian crypto compliance toward global FATF standards.
Prohibition gave way to supervision. Rather than persist with an attempt to wall the asset class off entirely, the state chose to regulate the money as it moved, pulling exchanges and their visible activity into a structured reporting system. That arc explains the regime.
Registration With FIU-IND Is Now Enforced
Enforcement has caught up with the rule. The FIU-IND annual report covering FY 2024-25 recorded 49 crypto exchanges registered as reporting entities, 45 of them domestic and four offshore. Deadlines now carry consequences. October 2025 brought action against 25 offshore exchanges that had skipped registration, with platforms such as BitMEX, LBank, and Phemex blocked from serving Indian users, while Binance, Coinbase, and other major names completed registration and held their market access. Operators face a blunt choice. Register and stand up the compliance stack, or forfeit the Indian market.
For any platform eyeing India, compliance has stopped being a back-office afterthought and become the precondition for holding a presence in one of the largest crypto user bases on earth. The price of getting it wrong is the market itself. Access is the stake.
Crypto Tax in India: Still 30% Plus 1% TDS
Tax sits beside AML, and the two are confused constantly. Keep them apart. Section 115BBH of the Income Tax Act taxes gains from transferring a virtual digital asset at a flat 30%, permitting no deduction beyond the cost of acquisition and barring losses from being set off against other income. Section 194S adds a 1% Tax Deducted at Source on crypto transfers above 50,000 rupees in a financial year, dropping to 10,000 rupees for certain persons. Both provisions remain in force for FY 2025-26. Collection runs through the CBDT. These mechanisms operate wholly apart from the PMLA reporting duties that FIU-IND oversees.
Why India Is a Crypto AML Priority
The stakes here are unusually high. India topped the Chainalysis Global Crypto Adoption Index in 2024 for a second consecutive year, concentrating an enormous volume of grassroots crypto activity inside one jurisdiction. Large flows draw bad actors. Pseudonymous wallets, cross-border transfers, and patchy historical oversight have long made crypto a conduit for laundering and terror financing, and a market this size magnifies that exposure dramatically. Bringing VDA providers under the PMLA was the state's response: oblige the exchanges to know their customers, watch the money, and surface suspicious activity before it slips across a border.
Regulated AML controls do something quieter as well. Handing a legitimate exchange a defensible, examinable record of clean operations gives it proof that compounds, and over the long run that documented history is what marks the boundary between a serious platform and a shell. Reputation accrues.
How KYC Hub Supports Crypto AML Compliance in India
Manual compliance does not scale to these duties. KYC Hub closes that gap. Our crypto compliance platform consolidates what a VDA reporting entity actually owes into one automated stack, with identity, liveness, and document-forensics checks running across more than 190 countries and feeding straight into the risk engine. Sanctions, PEP, and adverse-media data drive continuous risk scoring that flags a customer's status change the moment it occurs. Onboarding and screening execute from a single no-code workflow rather than a scattered row of disconnected tools.
Transaction risk gets a dedicated engine. KYC Hub's Know Your Transactions tooling layers transaction monitoring over crypto activity, suppressing false positives and routing genuine alerts into handling that an analyst can actually work, which is the operational heart of any STR program. Platforms navigating KYC and AML rules in India get a direct map onto the FIU-IND framework. Verify the customer. Monitor the flow, document the decision, and preserve an audit trail an examiner can follow end to end. Code-free REST APIs keep the integration light.



