Introduction
FIU-IND Financial Intelligence Unit India guidelines are now a key part of India’s legal framework for virtual digital assets. Under the PMLA, FIU-IND has issued clear rules for anyone dealing with cryptocurrencies or similar assets. These guidelines classify crypto exchanges, wallets, and other virtual asset service providers as reporting entities. They must register with FIU-IND and follow strict anti-money laundering (AML) and counter-terrorism financing (CFT) rules.
For startups and investors, understanding these requirements is essential. It helps them operate legally and build trust with regulators and users.
What Activities Do FIU-IND Guidelines Cover?
The FIU-IND rules apply to businesses that offer specific virtual asset services on behalf of customers.
In March 2023, the government clarified that the following activities fall under PMLA for virtual digital assets:
- Exchange services: Converting virtual digital assets to fiat currency, or vice versa.
- Crypto-to-crypto trading: Swapping one virtual asset for another.
- Transfers: Sending or receiving virtual digital assets, whether custodial or non-custodial.
- Custody or safekeeping: Holding or administering virtual assets or related instruments.
- Token issuance services: Providing financial services related to the sale of a virtual asset.
A virtual digital asset, as defined in the Income Tax Act, 1961, includes cryptocurrencies, NFTs, and similar tokens.
In practice, any platform that allows buying, selling, transferring, or holding crypto assets for customers must follow FIU-IND rules.
Why the FIU-IND Guidelines Matter
FIU-IND guidelines bring crypto businesses into India’s official AML framework. Under PMLA, FIU-IND can issue and enforce rules for reporting entities.
The notice states that virtual asset service providers must follow all PMLA provisions, including:
- Customer due diligence
- Suspicious transaction reporting
- Internal AML controls
- Record-keeping
Registration with FIU-IND is mandatory. Failure to register is itself a violation under Section 13(2) of PMLA and can lead to enforcement action.
In short, crypto startups must join the reporting entity system or face penalties.
Key Compliance Requirements for Virtual Asset Providers
To meet FIU-IND requirements, a virtual asset business must complete several steps.
1. Register with FIU-IND
Registration happens through the FINET 2.0 portal. However, it is only complete after an in-person interview with FIU-IND officials. Both the Designated Director and Principal Officer must attend.
2. Attend FIU-IND Review Meeting
Officials review the business model and documents to confirm that the company falls under the notified virtual asset activities.
3. Submit Corporate and Financial Documents
Businesses must provide:
- Incorporation certificates
- Annual returns
- Audited financial statements for the last three years
4. Provide Tax and State Registrations
This includes:
- GST registration certificate
- GST returns for the last three years
- Income tax returns
- TDS statements (Forms 26Q/26QF/26QE) related to VDA transactions
5. Detail Business Relationships
If the platform works with other entities—Indian or foreign—for exchange or custody, it must submit agreements showing these partnerships.
6. Confirm Integrity and Compliance
Companies must submit a self-declaration confirming no pending enforcement actions.
If partnered with a registered virtual asset provider, the company must also provide a “Fit and Proper” certificate from that partner.
7. Complete FIU-IND Questionnaires
FIU-IND may require AML/CFT questionnaires. Startups must provide detailed explanations of their policies and procedures.
8. Sign Official Undertakings
Directors, Principal Officers, and Compliance Officers must sign undertakings agreeing to follow PMLA and FIU-IND rules.
By completing these steps, a business shows that it maintains strong KYC/AML controls and transparent processes. FIU-IND can deny or revoke registration if obligations are not met.
Implications of Non-Compliance
Ignoring FIU-IND rules can lead to serious outcomes.
Under Section 13(2) of PMLA, FIU-IND can:
- Freeze assets
- Impose fines
- Attach proceeds of crime
- Initiate prosecution
Operating without registration is already a violation.
Beyond legal penalties, non-compliance hurts reputation. Investors prefer startups that follow regulations and maintain clear audit trails.
Compliance builds trust. Non-compliance drives customers and partners away.
Why AML/CFT Compliance Matters
FIU-IND guidelines highlight the need for strong AML/CFT practices. Virtual asset businesses must:
- Perform KYC on all users
- Monitor transactions
- Report suspicious activities
- Maintain logs and records for at least five years
These records include wallet addresses, transaction history, and KYC documents.
How SecureDApp Helps Startups Stay Compliant
SecureDApp simplifies compliance for crypto businesses. It provides:
- Automated KYC/KYB checks
- AML transaction monitoring
- Documentation management
- Audit trails
- Alignment with FIU-IND documentation requirements
With SecureDApp, startups can meet FIU-IND expectations while focusing on growth.
