India brings crypto under anti-money laundering legislation

Reflecting the global trend towards complying with FATF's guidance, India introduces an AML notification regulating providers of cryptoasset services.

In early March this year, the Indian Government issued a notification bringing crypto-asset activities within the fold of its anti-money laundering (“AML”) legislation. Cryptoasset (referred to as “virtual digital assets” in the notification) service providers are now required to undertake specific transparency and reporting measures, at par with banking companies, financial institutions, and other intermediaries.

This development comes on the heels of the first G20 Finance Ministers’ and Central Bank Governors’ meeting, held under India’s presidency in late February. The G20 meeting saw a notable change in India’s tone, with Finance Minister (“FM”) Nirmala Sitharaman pushing for international regulation of crypto-assets, in contrast to the country’s erstwhile policy favoring a blanket ban. Before the meeting, FM Sitharaman said, “We are talking to all nations that if regulation has to be framed, then one country cannot frame it alone. So we are speaking to all for forming a Standard Operating Procedure.” The G20 also welcomed the work being done by the IMF and FSB towards setting a global regulatory framework on crypto-assets.

After introducing a 30% tax on gains from crypto-assets in April 2022, the AML notification is India’s second attempt at regulating the industry. The notification is in line with the FATF’s Updated Guidance on crypto-assets, published in October 2021 (“FATF Guidance”), pursuant to which several countries like the UK, South Korea and South Africa have introduced AML laws in relation to crypto-assets. India following suit is reflective of a slow but steady global move towards the regulation of service providers operating in the crypto industry.

Indian law uses the term ‘virtual digital assets’ (“VDA”) to refer to crypto-assets. Persons carrying out the following VDA-related activities, for or on behalf of other persons (“VDA service providers”), will now be covered under India’s AML laws:

1. Exchange between VDAs and fiat currencies; 

2. Exchange between one or more forms of VDAs; 

3. Transfer of VDAs; 

4. Safekeeping or administration of VDAs, or instruments enabling control over VDAs; 

5. Participation in and provision of financial services related to an issuer’s offer and sale of VDAs. 

These VDA service providers will now have to comply with detailed KYC, record-keeping, transaction monitoring, due diligence, and disclosure requirements. They will also have to appoint compliance officers, and will be amenable to inquiries and audits by the authorities. If found non-compliant, they may be liable to a monetary penalty of INR 100,000 (~USD 1,200) per failure (which could add up to a large amount, cumulatively).

Many players in India are already implementing KYC norms and welcoming the move as legitimizing existing self-regulation practices. In fact, the move is being lauded by some as a positive step towards recognition of the crypto sector. However, last year, when the Government imposed a tax on VDAs, FM Sitharaman cautioned that taxing crypto did not amount to endorsement of the industry. This move, too, should be understood only as targeting AML considerations (for now), especially since the FATF Guidance explicitly recommends that countries who plan to prohibit crypto-assets and crypto-asset activities, should still put AML measures in place. That being said, India’s regulatory shift at the G20 meeting in February is perhaps a stronger signal that it may be warming up towards the industry. 

With respect to the AML notification itself, there remains some ambiguity as to which VDA-related activities are covered under the law. While it is sufficiently clear that ramping services, trading and exchange platforms, and custody service providers are covered, it is unclear whether DeFi applications, P2P solutions, and non-custodial services also need to comply with AML laws.

Considering that the list of VDA service providers in the AML notification is borrowed from the FATF Guidance, one may look to the FATF for, well, guidance. The FATF intends to cover those persons who “provide” or “actively facilitate” the specified activities as a business. With respect to DeFi, the FATF states that this could include creators, owners, operators or persons who maintain control or sufficient influence over the DeFi arrangements. However, the FATF has expressly stated that unhosted wallets and software developers should not be covered.

It remains to be seen whether India toes the FATF’s line or takes a more conservative approach. The upcoming G20 Summit in September should provide more definitive clues on the regulatory fate of the industry.