India’s Financial Intelligence Unit (FIU) has rolled out stricter identity verification requirements for cryptocurrency exchanges, aiming to curb money laundering and terrorist financing, CoinDesk reported, citing Press Trust of India.

Under guidelines updated Jan. 8, exchanges must verify customers using a “live selfie” check that includes blinking to prove “liveliness and authenticity,” alongside detailed logging of the user’s geographical coordinates, date, time and IP address, according to the report.

The FIU’s updated rules expand documentation requirements beyond India’s mandatory Permanent Account Number (PAN). Crypto platforms must now collect additional identity documents such as a passport, driver’s license, Aadhaar card (India’s central government-issued ID) or voter ID, CoinDesk said. Exchanges must also gather customers’ mobile numbers and email addresses, verifying both via one-time passwords.

The new framework also tightens bank-account verification. To confirm a user’s bank ownership, exchanges are required to use the “penny-drop” method, making a small, refundable 1 rupee (INR) charge as an authentication step, according to the report. 

For higher-risk customers, the FIU is calling for more intensive and more frequent scrutiny. CoinDesk reported that clients considered high-risk must undergo enhanced due diligence checks every six months. 

Under the new rules, platforms cannot support initial coin offerings (ICOs)—token sales that the report likened to “mini-IPOs”—and are barred from using transaction-obscuring tools such as tumblers or mixers designed to hide transaction trails and make crypto untraceable. Exchanges must also register with the FIU, report suspicious trades, and retain user data for five years, CoinDesk said. 

Read more at CoinDesk