Technology Law Analysis
March 13, 2023
Making Crypto Industry Compliant in India: A Welcome Move under the Anti-Money Laundering Laws
The Ministry of Finance (“MoF”) has recently extended the applicability of certain compliance obligations under the Prevention of Money Laundering Act, 2002 (“PMLA”) to various service providers in the virtual digital asset ecosystem (virtual asset service providers i.e. “VASPs”).
The PMLA stipulates measures to prevent money laundering and also provides for the confiscation of property involved in money laundering. In the recent past, authorities (such as the Directorate of Enforcement) have taken recourse under the PMLA against different VASPs in India including issuing orders freezing their assets.1
Although the Supreme Court of India in the IAMAI case affirmed the VASPs fundamental right to trade and do business, guaranteed under the Constitution of India, it has not been a smooth journey for the exchanges. These exchanges have been subject to investigations by various government authorities and their assets have been frozen in the course of their trade. The Notification is a positive step towards bringing more clarity on the compliance requirements. The VASPs will now be treated at par with financial institutions, banking companies, and intermediaries and will be subject to the rigours of the PMLA and PMLA Rules. This mechanism will ultimately benefit the entire ecosystem as the bad actors will be identified and eliminated, due to the constant reporting of suspicious transactions. Further, the legitimacy of VASPs should also improve the customers’ trust and help in attracting institutional capital.
The RBI in May 202127, had clarified to banks, payment system operators, and others (“Banking and Payment Sector”) that they may, continue to carry out customer due diligence processes with respect to the transactions involving virtual currencies, in line with governing standards and obligations of the regulated entities under the PMLA. Now with compliances to be carried out by VASPs under the PMLA read with PMLA Rules it would be interesting to see whether the taboo adopted against VASPs by the Banking and Payment Sector will reduce.
The VASPs operating in India will need to build in appropriate internal infrastructure in order to comply with the aforesaid requirements as conducting KYC and keeping a track of the transactions facilitated by the VASPs is no more a ‘good to have’ industry practice but a legal obligation. While VASPs may already have KYC policies in place, they will have to match them to the standards provided under the PMLA read with the PMLA Rules.
The extra-territorial application of the PMLA being ambiguous, the non-resident VASPs having an Indian user base should also take note of the Notification and build appropriate safeguards.
The Notification aligns with Nishith Desai Associates’ previous recommendation submitted in 2017, a “Draft Code of Self-Regulation for Virtual Currency Businesses in India” (“Draft Code”) to an Inter-ministerial Committee which was set up to study virtual currencies.28
We recommended to the Inter-ministerial Committee that a self-regulatory code, such as the Draft Code, backed by a statutory mandate may be introduced imposing compliance obligations as per the KYC/AML norms prescribed under the PMLA.29 Further in 2018, we had separately also suggested in our research paper “Building a Successful Blockchain Ecosystem for India”,30 that crypto business activity may be notified as a “designated business or profession” under the PMLA to mitigate money laundering risks. The Draft Code, inter alia, provided for a certification mechanism for a business that satisfied certain eligibility criteria and subjected them to compliances similar to those prescribed under PMLA such as maintaining records of the identity of customers, business activities and transactions, and reporting of materially non-compliant transactions.
The Draft Code, although voluntary and without statutory backing such as under the PMLA, was a first-of-its-kind in 2017. It was originally prepared for the Digital Asset and Blockchain Foundation of India (DABFI), which was later subsumed into the erstwhile Blockchain and Crypto Assets Council (BACC) of the Internet and Mobile Association of India (IAMAI).31 Such measures helped businesses to demonstrate their diligence when called upon by law enforcement agencies and also helped in tracing/reconstructing suspicious transactions, identifying perpetrators and helping criminal proceedings. The Notification provides statutory recognition to these KYC/AML measures suggested before and ushers in uniform practices across the industry.
The regulators are further enabled under the PMLA read with applicable rules to issue enhanced or simplified measures to verify the client's identity. The RBI has already issued Know Your Customer (KYC) Direction, 2016 which applies to the Banking and Payment Sector. It would be interesting to see if any regulator issues specific rules for VASPs or subject them to the existing regulations, especially in the case of the RBI, as it has been a strong advocate of banning crypto-related business, but would now have to adopt a balanced approach of regulation instead of prohibition.
The Indian government has been vocal about promoting blockchain, although heavily discouraging crypto at the same time. Further, in a few instances, the government has also suggested that it will await global consensus before passing any law regulating VDAs. However, lately, there have been a few changes introduced with respect to VDAs such as a new tax regime, reporting of VDAs under the Companies Act and now maintenance of records under the PMLA, which together have led to reducing uncertainty regarding the status of VDAs in India. These changes collectively may also be an encouraging opportunity for a new breed of service providers under the VDA ecosystem. However, ambiguity still exists on the overall regulatory direction of VDAs in India, and the introduction of a separate legislation/regulation for VDAs would be a step forward for the overall development of the industry.
You can direct your queries or comments to the authors
1Under PMLA, INR 936 crore related to crypto currency is attached/seized/freezed by ED as on 31.01.2023 - https://pib.gov.in/PressReleseDetailm.aspx?PRID=1896722
2Section 12 AA of the PMLA.
3“Reporting entities” under section 2(1)(wa) of the PMLA is defined as “a banking company, financial institution, intermediary or a person carrying on a designated business or profession”.
4Other categories which fall under the PCDBP definition include (a) persons which carry out activities such as playing games of chance for cash or kind, (b) the Inspector-General of Registration appointed under the Registration Act, 1908, (c) real estate agents as notified by the government, (d) dealers in precious metals, precious stones and other high-value goods, and (e) persons engages in safekeeping and administration of cash and liquid securities on behalf of other persons.
5Simple Agreement Against Future Tokens.
6Section 11A of the PMLA.
7“Client” under section 2(1)(ha) of the PMLA is defined as “a person who is engaged in a financial transaction or activity with a reporting entity and includes a person on whose behalf the person who engaged in the transaction or activity, is acting.”
8“Beneficial owner” under section 2(1)(fa) of the PMLA is defined as “an individual who ultimately owns or controls a client of a reporting entity or the person on whose behalf a transaction is being conducted and includes a person who exercises ultimate effective control over a juridical person.”
9Rule 9(1)(a) of the PMLA Rules.
10Rule 9(1)(b) of the PMLA Rules.
11Rule 9(1A) of the PMLA Rules.
12Section 12AA of the PMLA.
13As defined under explanation to section 12AA of the PMLA.
14Section 12 of the PMLA
15Section 12(3) of the PMLA.
16Necessary related information includes (a) nature of the transaction, (b) amount of the transaction and the currency in which it was denominated, (c) date on which the transaction was attempted or executed, and (d) parties to the transaction.
17Rule 3 of the PMLA Rules.
18Section 12(4) of the PMLA.
19The RE is required to appoint a Designated Director i.e. Managing Director or whole time director in case the RE is a company or a person designated by the RE to ensure overall compliance with the obligations with respect to maintenance and furnishing of records, and enhanced due diligence to be conducted by the RE.
20Rule 7(1) of the PMLA Rules.
21Rule 8 of the PMLA Rules.
22Section 12(1)(e) of the PMLA
23Section 13(1) of the PMLA.
24Section 13(1A) of the PMLA.
25Section 13(2) of the PMLA.
26Section 14 of the PMLA.
27 RBI/2021-22/45 DOR. AML.REC 18 /14.01.001/2021-22 dated May 31, 2021 - https://rbi.org.in/Scripts/NotificationUser.aspx?Id=12103
28This committee comprised of members including from the Central Board of Direct Taxes (CBDT), the Ministry of Home Affairs, Ministry of Electronics and Information Technology (MeitY), Reserve Bank of India (RBI), and the National Institution for Transforming India (NITI Aayog).
The contents of this hotline should not be construed as legal opinion. View detailed disclaimer.