Crypto Law Profile
FIU-IND guidance applies India’s PMLA AML/CFT/CPF obligations to VDA service providers, including FIU registration, KYC/CDD, STR reporting, record retention, sanctions screening and Travel Rule controls.
The India FIU-IND AML/CFT Guidelines for VDA Service Providers are Financial Intelligence Unit – India guidance for reporting entities that provide services related to virtual digital assets. As of June 5, 2026, the framework is in force, with the original FIU-IND guidelines effective from March 10, 2023 and an updated version listed by FIU-IND as of January 8, 2026. The profile should be read with Ministry of Finance notification S.O. 1072(E), which brought specified VDA activities within India’s Prevention of Money Laundering Act framework.
The framework applies to service providers engaged in specified VDA activity for or on behalf of another natural or legal person in the course of business. Covered activity includes exchanges between VDAs and fiat currencies, exchanges between one or more VDAs, VDA transfers, safekeeping or administration of VDAs or instruments enabling control over VDAs, and financial services connected to an issuer’s offer or sale of a VDA.
FIU-IND’s original guidance states that it applies to service providers and explains how they should implement AML/CFT/CPF obligations. It focuses on VDAs that are convertible to other funds or value, including VDAs that convert to other VDAs, to fiat, or otherwise intersect with the fiat financial system. Central bank digital currencies are outside the scope of the guidance because they are digital representations of fiat currency.
The guidelines place VDA SPs within India’s reporting-entity architecture. VDA SPs are expected to register with FIU-IND as reporting entities, maintain an AML/CFT/CPF program, adopt internal policies and controls, conduct training and internal audit, and appoint both a Designated Director and a separate Principal Officer.
FIU-IND treats transfers, exchanges of VDAs for VDAs, and exchanges of VDAs for fiat currencies on the lines of wire transfers. The Travel Rule portion of the guidance calls for required and accurate originator information and required beneficiary information, transmitted immediately and securely to the beneficiary service provider or financial institution where applicable and made available to authorities on request.
Transfers involving unhosted wallets are categorized as high risk when either the originator or beneficiary wallet is not hosted by a service provider that is an obliged entity. The onus of compliance falls on the obliged entity where at least one wallet is hosted, with scope for additional controls on unhosted-wallet transfers.
FIU-IND’s downloads page lists the VDA AML/CFT guidelines as updated on January 8, 2026. The same page lists the original March 10, 2023 guidance and subsequent registration circulars. A September 15, 2025 registration circular describes registration as a prerequisite for VDA SPs and sets out process expectations including in-person review, information submissions, PACT certificates in relevant partner relationships, cybersecurity audit materials and live demonstrations of compliance systems.
In October 2025, the Press Information Bureau said FIU-IND had issued notices to 25 offshore VDA service providers and described the PMLA obligations as activity-based rather than dependent on physical presence in India. That position makes the framework relevant to both onshore and offshore VDA SPs that carry out notified activities for or on behalf of persons in the course of business.
Covers VDA-fiat exchange, VDA-to-VDA exchange, VDA transfers, safekeeping or administration, and financial services tied to an issuer’s VDA offer or sale.
VDA SPs must register with FIU-IND as reporting entities; the 2025 circular states non-registration is PMLA non-compliance and may trigger action.
SPs must maintain internal policies, senior-level controls, training, audit, a Designated Director and a separate Principal Officer for AML/CFT/CPF obligations.
SPs must apply KYC before onboarding wallets, avoid anonymous or fictitious wallets, identify beneficial owners and perform ongoing/periodic KYC.
VDA activity is treated as higher ML/TF/PF risk; SPs must apply EDD where appropriate and screen at onboarding and when VDA transfers are initiated.
Suspicious transactions, including attempted ones, must be reported to FIU-IND within seven working days of forming suspicion, with no tipping off.
CDD and transaction records must generally be retained for at least five years, with safeguards for privacy, access control, encryption and reconstruction.
VDA transfers are treated like wire transfers for originator and beneficiary information; unhosted wallet transfers are categorized as high risk.
Services around ICO/ITO issuance, offer, sale and distribution can be SP activity; automated smart contracts do not remove SP obligations for controlling parties.
The Ministry of Finance notified specified VDA activities as covered business activity under PMLA.
FIU-IND issued AML/CFT guidance for VDA reporting entities, effective immediately.
FIU-IND’s third revision added detailed registration-review steps, including PACT and cybersecurity materials.
PIB said FIU-IND issued notices to 25 offshore VDA SPs and described obligations as activity-based.
FIU-IND’s downloads page lists updated AML & CFT Guidelines for VDA reporting entities.
Department of Revenue, FIU-IND, Ministry of Finance
Crypto assets, Virtual Digital Assets
This profile treats the FIU-IND VDA guidelines as regulatory guidance under India’s PMLA framework. The FIU-IND downloads page lists an updated version dated Jan. 8, 2026; editors should verify the updated PDF for precise 2026 textual changes before publication.
