India's Financial Intelligence Unit (FIU), operating under the Union Finance Ministry, has significantly tightened Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations for cryptocurrency exchanges. New guidelines, issued on January 8, classify crypto exchanges as Virtual Digital Asset (VDA) service providers, requiring them to implement more robust verification processes than simple document uploads. Under the updated framework, users onboarding onto crypto platforms must now undergo mandatory 'live selfie' verification. This involves using software capable of liveness detection, such as verifying eye-blinking or head movements, to prevent the use of static images or deepfakes. Additionally, exchanges are required to capture precise geographical coordinates (latitude and longitude), along with the date, timestamp, and IP address from which an account creation process is initiated. These measures are designed to establish the physical presence and authenticity of the user. Further enhancing due diligence, the FIU guidelines mandate the 'penny-drop' verification method, where a nominal Re 1 transaction is processed to confirm that the provided bank account is active and truly belongs to the registrant. Beyond the Permanent Account Number (PAN), users are now also required to submit a secondary identity document, such as a Passport, Aadhaar, or Voter ID. Both email ID and mobile number verification via OTP are also compulsory. The FIU has also expressed a strong stance against tools and activities that can conceal the trail of crypto transactions. The guidelines 'strongly discourage' Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs), citing their lack of economic justification and elevated risks. Furthermore, facilitating transactions linked to anonymity-enhancing tokens, tumblers, or mixers is prohibited. Crypto exchanges, designated as 'reporting entities' under the Prevention of Money Laundering Act (PMLA), must register with the FIU, submit regular reports on suspicious transactions, and maintain client and transaction records for a minimum of five years. Periodic KYC updates are also required: every six months for high-risk clients and annually for others. These comprehensive regulations underscore India's commitment to combating money laundering and terror financing within the digital asset ecosystem.