# India’s New Crypto & Digital Asset Rules (FIU-IND 2026 Guidelines): What Every Indian Must Know 

> Understanding India's Game-Changing AML & CFT Guidelines for Virtual Digital Assets: A Comprehensive Overview

**Published by:** [The Onramp Journal](https://paragraph.com/@onrampmoney/)
**Published on:** 2026-01-28
**URL:** https://paragraph.com/@onrampmoney/indias-new-crypto-and-digital-asset-rules-fiu-ind-2026-guidelines-what-every-indian-must-know

## Content

On 8 January 2026, the Financial Intelligence Unit – India (FIU-IND) – the country’s central financial crime-monitoring authority under the Ministry of Finance – published a major update to the AML (Anti-Money Laundering) & CFT (Countering Finance of Terrorism) Guidelines specifically for Virtual Digital Asset Service Providers (VDA SPs). These rules are now the single biggest regulatory development for crypto and digital asset services in India – and they matter not just for crypto exchanges and blockchain companies but for every Indian user, investor, developer, regulator, and citizen concerned about financial safety, fraud prevention, and transparency.What Are Virtual Digital Assets (VDAs)?“Virtual Digital Assets” include:CryptocurrenciesNon-fungible Tokens (NFTs)Tokens, stablecoins, and similar digital assetsIn India, these are not just tech buzzwords – they have been defined under the Income Tax Act and now regulated for financial crime purposes by FIU-IND.Why This Guideline Update MattersUntil now, crypto and digital asset sectors operated in a regulatory grey zone: taxed, but not directly regulated like banks or stock markets. The 8 January 2026 FIU-IND Guideline changes that - it brings VDA service providers firmly into India’s financial compliance framework similar to banks, NBFCs and other financial institutions. This is significant because India has seen rapid growth in digital asset usage - and regulators want to ensure the ecosystem is not abused for:Money launderingTerrorist financingFraud and financial crimeIllegal fund flowsSo this isn’t just a compliance update for businesses – it’s a national financial security measure.Who Must Follow These Rules?All entities providing services related to Virtual Digital Assets, whether they are:Crypto exchanges (centralized or decentralized)Wallet providersCustodiansNFT platformsVDA brokersPayment service providers dealing with cryptoOffshore platforms serving Indian usersThese must register with FIU-IND and comply with the guidelines – even if they do not have an office in India but serve Indian customers.Big Changes in Customer Onboarding and Identity VerificationOne of the landmark parts of the new guidelines is how users must be verified - making sure a person on a digital asset platform is who they say they are. The requirements include: Strong KYC (Know Your Customer) Platform operators must collect:Your Permanent Account Number (PAN)Government ID (Aadhaar/Passport/Voter ID)Live selfie verification with liveliness detection (to prevent deepfakes)Geolocation data (latitude + longitude)IP addressTime and date stampBank account verification with a penny-drop methodThis goes beyond basic ID checks – it’s meant to ensure identity, presence and traceability of every user.Ongoing Monitoring and Risk-Based ChecksVerification doesn’t stop after signup. The guidelines require:Continuous transaction monitoringRisk scoring and behavior analyticsEnhanced checks for high-risk users (e.g., Politically Exposed Persons, sanctioned individuals, wallets linked to crime)Periodic reviews and updatesThis is meant to catch suspicious patterns, like structuring transactions or sudden large movements of funds that could signal wrongdoing.The Travel Rule: Tracking Where Money GoesWhen VDAs move between wallets – especially between different operators – the platform must collect and share data for:Originator (sender)Beneficiary (receiver)This aligns with global anti-money laundering standards known as the “Travel Rule” - meaning every digital asset transfer is traceable.Reporting Suspicious Activity to FIU-INDIf a platform detects:A suspicious transaction,A pattern of unusual activity,Or behavior that suggests money laundering or terrorism financing,It must promptly file a Suspicious Transaction Report (STR) with FIU-IND. The rules strictly prohibit “tipping off” - platforms cannot inform the customer that a report has been filed. Record Keeping: 5 Years of Data Platforms must maintain:All user recordsTransaction dataCompliance logsfor at least five years after an account closes. This ensures audit trails for investigations and law enforcement use.Cybersecurity and Data ProtectionAn important addition in the 2026 update is that all VDA service providers must obtain a cybersecurity audit certificate from a CERT-In-empaneled auditor - making sure systems are robust and resilient against hacking or data breaches.Governance, Reporting & AccountabilityEvery VDA service provider must:Appoint a Designated Director – responsible for complianceAppoint a Principal Officer - managing day-to-day AML/CFT obligationsRegularly update FIU-IND on changesFile periodic regulatory submissions with detailed reportingThese roles are senior leadership positions: failures here can have legal and operational consequences.Discouraging High-Risk ActivitiesCertain activities that make tracing difficult are strongly discouraged or subject to tight restrictions, such as:Crypto tumblers and mixersAnonymity-enhancing featuresUnhosted wallets without verificationThese are common tools abusers use to cover illicit activity, and the guidelines target them.Penalties for Non-ComplianceFIU-IND does not just set guidelines – it enforces them. Offshore platforms that continue to operate without registration have already received legal notices, penalties, and even blocks on their websites or apps for non-compliance. What This Means for Everyday Indians For Crypto UsersYou’ll undergo stricter onboardingPlatforms must protect your identity and dataIncreased transparency and reduced fraud riskFor InvestorsBetter safeguards against money launderingMore credible and regulated exchanges to trade onFor Developers & StartupsCompliance becomes a core requirementAML systems, cyber audits, and KYC tools are necessary, not optionalFor Society and Law EnforcementStronger tools to fight financial crimeAbility to prosecute bad actors using digital assetsComparison: FIU - IND VDA GuidelinesIn Summary: A New Era for Digital Finance in IndiaThe FIU-IND AML & CFT Guidelines released on 8 January 2026 are more than a set of rules – they are India’s regulatory blueprint to bring crypto and digital asset services into a trusted, secure, and transparent financial system. They strike a balance between innovation blockchain & digital finance and public safety with anti-money laundering, anti-terror financing, data integrity. This marks a major milestone in India’s financial regulatory evolution, placing digital asset platforms under a regime similar to banks – not because they want to discourage innovation, but to ensure Indian users are protected and the system is resilient to misuse. As one of the leading VDA on/off‑ramp infrastructure providers, onramp.money follows robust KYC and AML standards. you can read the full guidelines here - FIU INDIA - AML & CFT Guidelines for Reporting Entities Providing Services Related to Virtual Digital Assets

## Publication Information

- [The Onramp Journal](https://paragraph.com/@onrampmoney/): Publication homepage
- [All Posts](https://paragraph.com/@onrampmoney/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@onrampmoney): Subscribe to updates
- [Twitter](https://twitter.com/onrampmoney): Follow on Twitter