FIU-IND now requires crypto firms to undergo CERT-In-approved audits to boost security and combat money laundering.
India pushes stricter checks on crypto platforms to curb hacks and boost compliance.
Photo Credit: Unsplash/Ewan Kennedy
In response to an increase in high-profile cybercrime, the government has directed all cryptocurrency exchanges, custodians, and intermediaries in India to undergo cybersecurity audits, as per a report by The Economic Times. Virtual digital asset (VDA) service providers have to employ auditors affiliated with the Indian Computer Emergency Response Team (CERT-In), the nodal agency under the Ministry of Electronics and Information Technology, tasked with safeguarding cyberspace. This directive is issued by the Financial Intelligence Unit (FIU-IND).
FIU-IND supervises compliance with the Prevention of Money Laundering Act, 2002 (PMLA), and the audits will now be a prerequisite for VDA firms seeking or maintaining registration with the FIU-IND. Web3 entities operating with VDAs were brought under the PMLA framework in 2023, placing them on the same compliance level as banks and financial institutions.
Currently, there are around 55 registered firms in India engaged in the exchange, transfer, safekeeping, and financial services of VDAs. The FIU-IND is the only authority that can deny or cancel registration if a firm is found in violation of PMLA requirements.
According to the report, as per the report by local exchange Giottus, the move comes at a time when cryptocurrency-related crimes account for nearly 20-25 percent of all cybercrimes in India. Hackers often use darknet markets, privacy-enhancing coins, and mixing services to launder stolen assets, making investigations complex.
“We see the FIU-IND's move to make CERT-In-approved cybersecurity audits mandatory as a welcome step. For an industry built on trust, robust security standards are not optional, but they are essential. By aligning exchanges, custodians, and intermediaries to a common benchmark, this regulation will strengthen user confidence and bring Indian platforms closer to global best practices,” said Avinash Shekhar, Co-Founder & CEO of Pi42. He further added that while audits would require investment of time and resources, the benefits outweighed the costs.
Edul Patel, CEO of Mudrex, echoed the sentiment, “As India's digital asset ecosystem continues to grow, safeguarding investors and building trust remain critical. This directive is a significant step towards strengthening security standards and fostering a safer, more resilient industry.”
Experts say the move is likely driven by recent hacks targeting Indian crypto platforms. Purushottam Anand, Advocate and Founder of Crypto Legal, called the mandate “a step in the right direction,” but noted the FIU-IND had replaced the earlier Fit & Proper certificate with a Partner Accreditation for Compliance & Trust (PACT) certificate. He said the change narrows assessments to compliance aspects, though more guidance is expected.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.