"Compliance in the VDA space isn’t about waiting for clear rules, it’s about adopting global best practices now, to build trust and resilience ahead of regulation."
You’ve spent significant time navigating compliance for VDA platforms in India. When regulation is unclear, what anchors your strategy?
The Indian Virtual Digital Asset (VDA) industry has experienced significant regulatory shifts over the past few years. It began with the Reserve Bank of India’s (RBI) 2018 circular effectively banning banks from facilitating crypto-related transactions. This move that was later overturned by the Supreme Court in 2020. This landmark judgment paved the way for the industry’s resurgence. In 2022, the Indian government introduced specific taxation provisions on income from the transfer of VDAs, marking an indirect fiscal acknowledgement of the sector. Further regulatory momentum was seen in March 2023, when businesses engaged in VDA activities, such as trading platforms, brokers, wallet providers, and custodians, were brought under the ambit of the Prevention of Money Laundering Act, 2002 (PMLA). These entities were mandated to register as Reporting Entities with the Financial Intelligence Unit (FIU). During its G20 presidency, India also endorsed the Financial Stability Board’s (FSB) recommendations for regulating, supervising, and overseeing of crypto-asset activities and global stablecoin arrangements. These steps highlight India’s calibrated approach toward regulating the VDA ecosystem and reinforce the continued optimism for a comprehensive regulatory framework.
Given the circumstances, there is a clear onus on intermediaries to adopt best practices from not only from the traditional finance sector, which may include guidelines issued by SEBI and RBI, but also from mature jurisdictions that have progressed manifold in regulating VDA. The most crucial aspects of our compliance strategy for this sector, garnered from traditional finance and mature jurisdictions, would be to have a glitch- free trading environment, robust KYC and sanctions screening process and complete monitoring on the flow of funds from clients. Apart from this, having the optimum cyber security systems and processes to mitigate any risks on the client’s VDA from cyber-attacks would be a very crucial aspect, more from the perspective of investor protection and retaining their confidence. Obtaining adequate undertakings and affirmations from clients on their mode of acquisition and source of VDA, and simultaneously extensively utilising blockchain forensic tools for transaction analysis and wallet credentials, would form a core part of the strategy. Apart from the above, having robust travel rule compliance information dissemination is crucial.
It would not be correct to say that regulations are unclear; rather, regulations and guard rails are gradually and steadily evolving, which anchors the belief of the industry on this line of business activity.
In your view, what’s the most challenging aspect of crypto compliance for market players?
The rapid growth of Decentralized Finance (DeFi) and Non-Fungible Tokens (NFTs) has transformed the digital asset landscape, but it has also introduced profound challenges for Anti-Money Laundering (AML) compliance, as multiple DeFI platforms mostly operate without central intermediaries, such as banks or brokers. They also use self-executing smart contracts to facilitate transactions. This decentralised nature often lacks clearly identifiable ultimate beneficial owners or identifiable parties who may have carried out client due diligence. The DeFi and NFT platforms allow users to interact pseudonymously through wallets not tied to identified persons.
In such circumstances, the intermediaries can rely only upon certain affirmations and undertakings by their clients.
The use of such infrastructure coupled with privacy-enhancing, technologies and coins is the most challenging aspect for market players.
You’ve navigated global compliance norms. How does India’s stance on AML for VDAs compare to jurisdictions like Singapore, the EU, or the UAE?
India’s stance on AML for VDA’s compares with the best of global jurisdictions. Indian VDA SP’s are required to ensure organisational risk assessment, robust KYC process, Sanctions Screening, Wallet Screening, Counterparty Risk Assessment, exercise due skill and care while dealing with High Risk Platforms, Clients and Jurisdictions, Effective transaction monitoring Ongoing Client Due Diligence and Enhanced Due Diligence apart from having a continuous and effective transaction monitoring process through blockchain forensic tools and last but not the least duly complying with the Travel Rule. These aspects are in line with the AML practices of the mature jurisdictions.
What does a “good” AML system look like for an Indian crypto platform with cross-border users?
For Indian VDA service providers with cross border users, it is mandatory to implement comprehensive measures, including organizational risk assessments, robust Know Your Client (KYC) procedures, sanctions and wallet screening, and counterparty risk evaluations. They must also exercise due diligence when engaging with high-risk platforms, clients, and jurisdictions. Apart from these, entities are required to have robust cyber security systems and processes to guard against cyber-attacks. More importantly, binding the User with affirmation and a clear explanation on the source of VDA is another area where the VDA Service provider needs to place emphasis.
Furthermore, service providers are expected to maintain effective transaction monitoring, conduct ongoing client due diligence (CDD) and enhanced due diligence (EDD), and utilize blockchain forensic tools for continuous oversight and monitoring. Crucially, they must also comply fully with the Travel Rule.
Continuous engagement and interaction with Financial Intelligence Unit (FIU) and Law Enforcement Agencies by promptly reporting suspicious activity and providing all antecedents of the client and the transaction, is paramount.
As tokenization expands – real estate, IP, art – how should AML teams adapt beyond just crypto trading risk?
A harmonized regulatory framework is essential for the effective tokenization of assets, with a strong emphasis on transparency and traceability. While blockchain technology inherently supports transparency, verifying the identity of token holders, particularly on privacy-oriented blockchains remains a significant challenge. This makes it difficult to ensure full compliance with Know Your Client (KYC) and Anti-Money Laundering (AML) requirements.
Moreover, the legal and regulatory landscape surrounding tokenized assets is still evolving, leading to uncertainty and potential compliance risks for both issuers and investors. Traditional AML technologies may fall short in detecting suspicious activities involving tokenized assets, highlighting the need for specialized tools and approaches. To address these challenges, intermediaries will likely need to significantly adapt their existing AML systems, often by leveraging the expertise of global service providers with deep knowledge in blockchain-based compliance solutions.
You’ve seen the early chaos. What kind of compliance maturity do you expect Indian VDA platforms to reach in the coming decade?
As previously discussed, Indian Virtual Digital Asset (VDA) service providers already adhere to robust compliance processes. Looking ahead, the industry remains optimistic that VDAs will be brought under a regulatory framework comparable to that governing traditional finance. This would not only reinforce adherence to existing KYC and AML requirements but also place intermediaries under the oversight of established regulators such as SEBI or RBI.
The introduction of a comprehensive regulatory framework would incentivize service providers to further enhance their internal processes and controls, ultimately promoting greater transparency, bolstering client confidence, and supporting the long-term growth and credibility of the VDA industry.
About Muthuswamy Iyer:
Muthuswamy Iyer has over 25 years of experience mainly in the securities market and Web3/ blockchain sectors, which include pivotal roles at WazirX, Edelweiss Broking Ltd, Karvy Stock Broking Ltd, Angel Broking Ltd and National Stock Exchange of India Ltd, Muthuswamy brings extensive experience in regulatory compliance, adherence to guidelines under PMLA and active interfacing with regulators and law enforcement agencies.
Mr. Muthuswamy has held leadership positions in Compliance at WazirX, Edelweiss Broking Ltd, Karvy Stock Broking Ltd and Angel Broking Ltd, where he developed robust compliance systems for stock broking, wealth management, and depository services.
Presently as Chief Compliance Officer (CCO) at CIFDAQ, Muthuswamy oversees regulatory compliance for the Virtual Digital Asset related businesses which includes ensuring implementation of KYC and AML policies and interfacing with the regulatory authorities, law enforcement and the Financial Intelligence Unit (FIU), ensuring the company continues to adhere to applicable regulatory standards.
