India is taking significant steps to enhance regulation in the cryptocurrency space, requiring bank-grade compliance measures for crypto platforms. This includes cybersecurity audits and stricter oversight to combat cybercrime and ensure user protection.
Crypto Exchanges in India Must Adhere to Bank-Level Compliance Standards
Reports indicate that India has made it mandatory for cryptocurrency exchanges, custodians, and intermediaries to undergo cybersecurity audits. The Financial Intelligence Unit (FIU) has directed virtual digital asset (VDA) service providers to engage auditors approved by the Indian Computer Emergency Response Team (CERT-In), which is responsible for overseeing the country’s cybersecurity infrastructure. These audits are now a prerequisite for FIU registration, placing VDA service providers under similar compliance obligations as banks under the Prevention of Money Laundering Act, 2002.
Commenting on this development, Harshal Bhuta, a partner at P. R. Bhuta & Co., mentioned that the introduction of cybersecurity audits may have been prompted by recent crypto theft incidents. He emphasized that compliance with CERT-In directives, such as log maintenance and retention of subscriber data, will assist investigative agencies in tracking illicit fund flows through cryptocurrency transactions.
According to data from local platform Giottus, crypto-related crimes now account for 20–25% of India’s total cyber offenses. Criminals often exploit darknet markets, privacy-enhancing coins, mixers, and inadequately regulated exchanges to obfuscate illegal financial activities. In response, the FIU has replaced the “Fit & Proper” certificate with the “Partner Accreditation for Compliance & Trust” certificate, underscoring a heightened focus on regulatory adherence.
While some experts view these measures as a positive step towards safeguarding users, challenges remain. There are concerns about whether auditors familiar with traditional financial institutions can effectively address crypto-specific vulnerabilities, such as securing private keys. Additionally, broader industry issues like high taxation and regulatory ambiguity continue to pose challenges.
India’s approach to cryptocurrency regulation has been cautious, with the government opting to maintain distance from full legalization to mitigate risks associated with volatile assets. Profits from crypto assets are subject to a 30% tax, with a 1% tax deducted at source on transactions. The Income-Tax Bill 2025 defines VDAs and mandates reporting by entities handling them. Officials acknowledge the complexities of regulating decentralized trading and express reservations about potential disruptions from U.S. stablecoin legislation on global payments and India’s payment systems.