Regulation of Virtual Digital Assets in India: Additional Obligations on Service Providers under PMLA

Regulation of Virtual Digital Assets in India: Additional Obligations on Service Providers under the purview of PMLA

Introduction

Cryptocurrencies or virtual currencies are virtual digital assets (VDAs) that exist only in a virtual form and use a technology called blockchain^[1]. There is no sector-specific regulatory framework for virtual currencies. To define VDAs, Government introduced new provisions in the Union Budget for 2022-23 to tax and track VDAs. The budget, together with the tax framework, defined virtual digital assets for the first time. In section 2(47A) of the Income Tax Act of 1961, VDAs are defined as

“(a) any information or code or number or token (not being Indian currency or foreign currency), generated through cryptographic means or otherwise, by whatever name called, providing a digital representation of value exchanged with or without consideration, with the promise or representation of having inherent value, or functions as a store of value or a unit of account including its use in any financial transaction or investment, but not limited to investment scheme; and can be transferred, stored or traded electronically;

(b) a non-fungible token or any other token of similar nature, by whatever name called;

(c) any other digital asset, as the Central Government may, by notification in the Official Gazette specify”

Transferring cryptocurrency between digital wallets is a simple and convenient process and individuals have the option to purchase and sell cryptocurrencies through various channels, including central exchanges, brokers, or even directly from other owners. It is designed to provide peer-to-peer and transparent transactions^[2], however, with little regulatory oversight, the transactions are susceptible to exploitation by bad actors^[3].

Regulation of Crypto Currency in India

VDAs pose challenges and risks, such as money laundering, terrorist financing, tax evasion, and cyberattacks^[4]. Therefore, VDAs should be regulated by the authorities to ensure their legality, security, and transparency. Regulation of VDAs can also help create a conducive environment for the growth and development of the industry while protecting the interests of the users and the economy. The primary regulators of VDAs in India are as follows:

1. Reserve Bank of India

2. Registrar of Companies (“RoC”), The Ministry of Corporate Affairs

3. Income Tax Department (“IT Department”), Government of India

4. Securities Exchange Board of India (“SEBI”)

5. The Advertising Standards Council of India (“ASCI”)

Regulatory Milestones

The Pendulum of Cryptocurrency Legality

In 2013, RBI issued a circular^[5] warning against the use of virtual currencies, the circular advised traders to avoid cryptocurrency trading because RBI then believed crypto was an unstable market and cautioned about the various dangers involved in trading digital assets^[6]. In 2017, RBI stated that it has not given “license/authorization to any entity/company to operate such schemes or deal with Bitcoin or any virtual currency” and that individuals are to invest at their risk^[7]. Subsequently, in 2018, RBI banned Virtual Currencies^[8] with major concerns that virtual currencies could be easily hacked and there might be speculative actions since there are no real assets backing them, which could result in a big loss to the holder of VDAs. However, in 2020, the Supreme Court of India lifted the ban on cryptocurrencies imposed by RBI in the case of Internet and Mobile Association of India v. Reserve Bank of India^[9], relieving the crypto industry in the country. The SC reasoned that the circular violated the rights protected by Article 19(1)(g) and violated the principle of proportionality, and suggested that guidelines would have been a more proportionate response than an outright ban.^[10]

Amendment of Schedule III of the Indian Companies Act, 2013

The Ministry of Corporate Affairs on 24th March 2021 issued a notification amending Schedule III of the Companies Act, 2013 and requiring companies to disclose their profits/loss and the number of virtual currencies held,^[11] in their financial statements from April 4, 2021. Where the Company has traded or invested in Cryptocurrency or Virtual Currency during the financial year, the following shall be disclosed:

1. profit or loss on transactions involving cryptocurrency or Virtual Currency

2. amount of currency held as at the reporting date,

3. deposits or advances from any person for the purpose of trading or investing in Crypto Currency/ virtual currency.

Guidelines for the advertising of Virtual Digital Assets and linked services

The Advertising Standards Council of India, the advertising industry’s self-governing body issued ‘Guidelines for the advertising of Virtual Digital Assets and linked services’, a first of their kind in India in 2022. The Guidelines came into effect on April 1, 2022, and apply to all new advertisements on virtual digital assets released or published after this date.^[12] The Guidelines set out standards for advertising VDAs such as the type of disclaimers to include, information that may be advertised/relied on and details to be shared, among other things.

Union budget for 2022-23

In the Union budget of 2022-23, the Government of India explicitly outlined certain tax regulations pertaining to Virtual Digital Assets (VDAs). It was stated that the transfer of any virtual currency asset would be subject to a flat 30% tax rate^[13]; losses from non-VDA activities cannot be set off against income from VDAs and losses from the trade of VDAs cannot be set off against any non-VDA income, and losses from the trade of VDAs cannot be carried forward (to the next financial year)^[14].

CERT-In Cybersecurity Directions

Indian Computer Emergency Response Team (CERT-In) issued Cyber Security Directions^[15] on 28.04.2022,  according to which “the virtual asset service providers, virtual asset exchange providers and custodian wallet providers (as defined by Ministry of Finance from time to time) shall mandatorily maintain all information obtained as part of Know Your Customer (KYC) and records of financial transactions for a period of five years so as to ensure cyber security in the area of payments and financial markets for citizens while protecting their data, fundamental rights and economic freedom in view of the growth of virtual assets.” ^[16]

Cryptocurrency and Regulating the Official Digital Currency Act, 2021 (2021 Bill)

The 2021 Bill is currently under review by the Indian Parliament for approval. Although the contents of the 2021 bill have not yet been made public, it is said that it would establish an enabling framework for RBI’s official digital currency issue and prohibit private currency non-state, based on news reports^[17]. However, the 2021 bill has not yet been notified and has no legal effect. Before the Bill 2021, the Indian Government’s Inter-Ministerial Committee had proposed the 2019 Cryptocurrency Bill and Regulation of Official Digital Currency, however, it did not materialise into law.

PMLA

The Prevention of Money Laundering Act (PMLA) in India imposes obligations on financial institutions and persons engaged in designated businesses or professions. Section 2(1)(s) of the PMLA expands the definition of “person carrying on designated business or profession” to include individuals engaged in activities designated by the Central Government. A “reporting entity” (RE) is defined in Section 2(wa) of the PMLA as a banking company, financial institution, intermediary, or a person carrying on a designated business or profession. The Act mandates reporting entities to maintain and verify the identity of clients and beneficial owners. To verify the identity of the customer and evaluate and monitor the risk of the customer, financial companies follow a process known as KYC (Know Your Customer). KYC regulations help prevent crimes such as money laundering, terrorism financing, and other fraud schemes^[18]. KYC was made compulsory by RBI in 2004^[19] for all financial institutions to verify the identity as well as address of all the customers that are carrying out financial transactions with them.^[20]

Subsuming the business of cryptocurrency under the ambit of PMLA

The Ministry of Finance has revised the Prevention of Money Laundering (Maintenance of Records) Rules to expand the coverage of Know Your Customer (KYC) standards to include entities involved in VDAs as reporting entities. On March 7, 2023, the Department of Finance, Ministry of Finance, released a notification[21] under Section 2 (1) (sa) (vi) of the Prevention of Money Laundering Act, 2002 (PMLA). This notification expands the definition of “person carrying on designated business or profession” to include specific activities and transactions related to VDAs. As a result, VDAs are now brought within the scope of the PMLA. The following activities have been notified when carried out for or on behalf of another natural or legal person in the course of business as an activity for the purposes of subclause (vi) of clause (sa) of subsection (1) of section 2 of the Prevention of Money Laundering Act, 2002 (15 of 2003):

• exchange between virtual digital assets and fiat currencies;
• exchange between one or more forms of virtual digital assets;
• transfer of virtual digital assets;
• safekeeping or administration of virtual digital assets or instruments enabling control over virtual digital assets; and
• participation in and provision of financial services related to an issuer’s offer and sale of a virtual digital asset.

As a result of this expansion, Virtual Assets Service Providers (SP) are now considered reporting entities under the PMLA. Consequently, it becomes imperative for these SPs entities to diligently uphold compliance with Chapter IV of the PMLA and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (PMLR). As part of RE registration, SPs must disclose their account details with banks/FIs where they hold accounts for transactions as well as for holding client money.^[22]

FIU-IND Guidelines for Virtual Assets Service Providers

In October 2021, the Financial Action Task Force (FATF) released new guidelines for dealing with virtual assets and providers. These guidelines aim to help regulators create rules for virtual asset activities and assist SPs in understanding and fulfilling their Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CTF) obligations[23]. In a positive move, the Financial Intelligence Unit of India (FIU-IND) has taken a proactive step by circulating the AML & CFT Guidelines for SPs (Virtual Digital Asset Service Providers), also known as the “FIU- IND Guidelines” before the FAFT’s assessment of India in the fourth round of mutual evaluations this year^[24]. These guidelines serve as a valuable playbook, empowering SPs to combat money laundering, terrorist financing, and other illicit financial activities with confidence. The captivating aspect lies in the fact that these guidelines transcend the boundaries set by the conventional framework of the Prevention of Money Laundering Act (PMLA), unequivocally showcasing a resolute dedication to adapt in sync with the ever-evolving milieu. PMLA in conjunction with the FIU-IND guidelines imposes additional obligations on SPs which are as follows:

Registration and reporting requirements

SPs must register as reporting entities with the FIU-IND and report transaction details, including suspicious transactions, within specified timelines.

Internal Mechanism: Policies and procedures to Combat Money Laundering, Counter Terrorist Financing and Combat Proliferation Financing

Reporting entities have a legal obligation, as per Rule 7(3) of the PMLR, to establish an internal mechanism aligned with the guidelines. This mechanism aims to detect transactions specified under Rule 3(1) and provide information about them to the FIU-IND. Compliance with this obligation is essential for reporting entities to effectively prevent money laundering, terrorist financing, and related crimes. Rule 7(4) further mandates that internal controls should be observed not only by reporting entities but also by their designated directors, officers, and employees.

Appointments

The appointment of a principal officer and a designated director is required to oversee compliance with the PMLA and PML Rules. Details of the principal officer and designated director must be provided to the FIU-IND.

Know Your Customer (KYC) Norms

Due to the anonymous and instantaneous nature of VDA transfers and the risk of misuse by state and non-state actors for illicit purposes, all service providers (SPs) must have a robust mechanism to comply with Know Your Customer (KYC) requirements. This includes performing KYC procedures before onboarding clients/wallets and performing re-KYC for existing customers. SPs must also make efforts to identify the beneficial owner and employ reasonable measures to verify their identity, ensuring the establishment of beneficial ownership. Recent amendments to Rule 9(3)(1) of PMLR have lowered the threshold for beneficial ownership from 25% to 10%.

Identity Verification/ Client Due Diligence

According to Section 11A of PMLA, SPs are now required to verify the identity of their clients and beneficial owners when establishing an account-based relationship.

Due Diligence

Section 12AA of the Act mandates identity verification and due diligence processes which streamlines compliance across market participants. SPs must exercise ongoing due diligence, including reviewing measures when there are suspicions of money laundering, terrorist financing, or doubts about client identities.

Enhanced due diligence is required for specific transactions. SPs are obligated to maintain physical copies of updated client identification records, account files, business correspondence, and transaction records for a period of five years.

Sanctions Screening

SPs must conduct sanctions screening during client onboarding and VDA transfers, in accordance with United Nations Security Council Resolutions and related directives on terrorism financing and proliferation.

Adoption of Employee Screening Procedures and Training

SPs must implement screening procedures during employee hiring and provide role-specific training in client onboarding, KYC, due diligence, sanctions screening, record keeping, and transaction processing.

Counterparty Due Diligence

SPs facilitating VDA transfers between wallets must perform due diligence on the receiving SP before sharing any information.

Travel Rule

SPs must screen, record, and communicate “required and accurate originator information, and required beneficiary information”[25] on VDA transfers. It must submit the above information to the beneficiary SP or financial institution and make it available on request to appropriate authorities.

Restriction on tip-off

SPs and their personnel are prohibited from disclosing to clients that suspicious transaction reports or related information are being reported to the FIU-IND.

Conclusion

The implementation of guidelines for virtual digital assets (VDAs) in India has significant implications. It extends existing rules to VDAs, providing a framework for monitoring and addressing malpractices in the virtual asset sector. Consequently, this heightened level of scrutiny and reporting framework will enhance the overall legitimacy of VASPs^[26]. This standardization fosters transparency, builds trust, and strengthens regulatory control. Concerns remain regarding the absence of a central regulatory authority for VDA entities^[27]. However, it is imperative to prioritize the establishment of a comprehensive regulatory framework to ensure effective supervision and governance in the realm of crypto assets. Simultaneously, fostering international cooperation is vital to prevent regulatory arbitrage and establish consistent global standards. By adopting a progressive regulatory approach, India has the opportunity to emerge as a leader in the Virtual Digital Assets (VDA) sector.

[1] Aman Nair, Vipul Kharbanda, Aryan Gupta “Report on Regulation of Private Crypto-Assets in India — the Centre for Internet and Society.” Cis-India.org, 2021, cis-india.org/internet-governance/blog/report-on-regulating-private-crypto-assets-in-india-public-consultation. Accessed 30 May 2023.

[2] Z. Zhong et al., “SilkViser: A Visual Explorer of Blockchain-based Cryptocurrency Transaction Data,” 2020 IEEE Conference on Visual Analytics Science and Technology (VAST), Salt Lake City, UT, USA, 2020, pp. 95-106, doi: 10.1109/VAST50239.2020.00014.

[3] Eleonora Vassanelli. “Money Laundering and Cryptocurrencies: A Case Study of Mexican Drug Cartels” Crossfire KM, 18 Nov. 2020, www.crossfirekm.org/articles/money-laundering-and-cryptocurrencies-a-case-study-of-mexican-drug-cartels. Accessed 29 May 2023.

[4] —, Standard Operating Procedures (SOPs) to Regulate Key Concern Areas of Virtual Digital Assets (VDAs) a REPORT by CHASE INDIA & INDUSLAW, 17 May 2023, induslaw.com/publications/pdf/alerts-2023/induslaw-chase-india-report-2023.pdf.

[5] Press Release No. 2013-2014/1261 dated December 24, 2013

[6] Tech Desk. “From Outright Ban to ‘Clear Danger’: A Look at RBI’s Stance on Crypto in India.” The Indian Express, The Indian Express, July 2022, http://surl.li/hmabu. Accessed 30 May 2023.

[7] Press Release No. 2016-17/2054 dated Feb 01, 2017

[8] Press Release No. RBI/2017-18/154 Dated April 6, 2018

[9] [Writ Petition (Civil) No. 528 of 2018]

[10] Ibid

[11] Ashwani Mishra, “Amendments in Schedule-III to Companies Act Wef FY 2021-22.” TaxGuru, 25 Aug. 2022, taxguru.in/company-law/amendments-schedule-iii-companies-act-2013-effective-fy-2021-22.html. Accessed 26 May 2023

[12] Bhumika Indulia. “ASCI Releases Guidelines for Advertising of Virtual Digital Assets and Linked Services | SCC Blog.” SCC Blog, 23 Feb. 2022, www.scconline.com/blog/post/2022/02/23/asci-releases-guidelines-for-advertising-of-virtual-digital-assets-and-linked-services/. Accessed 29 May 2023.

[13] “Union Budget 2022-23 Analysis.” PRS Legislative Research, 27 May 2023, prsindia.org/budgets/parliament/union-budget-2022-23-analysis. Accessed 27 May 2023.

[14] Clause 28 of Finance Bill 2022

[15] No. 20(3)/2022-CERT-In

[16] Ibid

[17] —, “Bill on Cryptocurrency, Regulation of Official Digital Currency under Finalisation: FinMin.” Thehindubusinessline.com, 13 Dec. 2021, www.thehindubusinessline.com/money-and-banking/cryptocurrency/bill-on-cryptocurrency-regulation-of-official-digital-currency-under-finalisation-finmin/article37946900.ece. Accessed 31 May 2023.

[18] Lowe, Jennifer. “What Is KYC? Financial Regulations to Reduce Fraud.” Plaid, Plaid, 2022, plaid.com/resources/banking/what-is-kyc/. Accessed 30 May 2023.

[19] Saran, Prashant. “Know Your Customer’ (KYC) Guidelines – Anti Money Laundering Standards.” Reserve Bank of India, 29 November 2004, https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=142&Mode=0.

[20] — ,“KYC Meaning: What Is KYC, Types and Importance of KYC – India Infoline.” India Infoline, India Infoline, 2020, www.indiainfoline.com/knowledge-center/kyc/what-is-kyc-meaning-types-and-importance. Accessed 26 May 2023.

[21] F. No. P-12011/12/2022-ES Cell-DOR

[22] AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets

[23] PwC Global Crypto Regulation Report 2023. 19 Dec. 2022, www.pwc.com/gx/en/newventures/cryptocurrency-assets/pwc-global-crypto-regulation-report-2023.pdf

[24]Neha Singh. “Latest Developments in India’s Regulatory Framework for Virtual Digital Assets.” CoinDCX-Blog, 16 Mar. 2023, coindcx.com/blog/announcements/latest-developments-in-indias-regulatory-framework-for-virtual-digital-assets/. Accessed 30 May 2023.

[25] Supra note 21

[26] — “MAKING CRYPTO INDUSTRY COMPLIANT IN INDIA: A WELCOME MOVE UNDER THE ANTI-MONEY LAUNDERING LAWS” Nishithdesai.com, 2023, www.nishithdesai.com/SectionCategory/33/Research-and-Articles/12/60/NDAHotline/9522/1.html. Accessed 26 May 2023.

[27] Supra note 1