The global anti-money laundering and combating the financing of terrorism (AML/CFT) watchdog – the Financial Action Task Force (FATF) — discussed and adopted India’s Mutual Evaluation Report (MER) at its plenary in Singapore in June 2024. The report was made public on September 19.
The plenary concluded that India has reached a high level of technical compliance with the FATF requirements and its AML/CFT and counter-proliferation financing regime is achieving good results. India is placed in the ‘regular follow-up’ category–the highest rating given by the global watchdog, and a distinction shared by only four other G20 countries including Italy, France and the UK. This marks a significant milestone in the nation’s efforts to combat money laundering (ML) and terrorist financing (TF). ‘Regular follow-up’ means India needs to submit a progress report on recommended actions only in 2027.
India’s performance on the FATF Mutual Evaluation holds significant advantages for the country’s growing economy, as it demonstrates the overall stability and integrity of the financial system. Good ratings will lead to better access to global financial markets and institutions and increase investor confidence. It will also help in the global expansion of the Unified Payments Interface (UPI), India’s fast payment system.
Over a two-year period, the Department of Revenue (DoR) spearheaded India’s engagement with FATF during the mutual evaluation process. This success was driven by the exceptional efforts and invaluable contribution of a diverse, multi-disciplinary team comprising representatives from various Ministries, the National Security Council Secretariat (NSCS), State authorities, the judiciary, financial sector regulators, self-regulatory organizations, financial institutions, and businesses. This collaborative effort demonstrated India’s effective AML/CFT framework.
What is Mutual Evaluation?
Mutual evaluations are in-depth country reports analyzing the implementation and effectiveness of measures to combat money laundering, terrorist, and proliferation financing. The reports are peer reviews, where members from different countries assess another country. Mutual evaluation by FATF is a long and complicated process that requires an intense and coordinated effort from the assessed country. Most countries in the world have only partially succeeded in navigating the process. This is evident from the fact that 13 countries of the G20 are in enhanced follow up including the USA, China, Germany, Canada, and Japan; and South Africa is in the grey list (jurisdictions under increased monitoring).
FATF Recommendations
The FATF Recommendations provide a comprehensive framework of measures to help countries tackle illicit financial flows. The FATF Recommendations are also often referred to as the FATF Standards, which comprise the Recommendations themselves and their Interpretive Notes, together with the applicable definitions in the Glossary.
The 40 Recommendations are divided into seven distinct areas:
- AML/CFT Policies and Coordination
- Money laundering and confiscation
- Terrorist financing and financing of proliferation
- Preventive measures
- Transparency and beneficial ownership of legal persons and arrangements
- Powers and responsibilities of competent authorities and other institutional measures
- International cooperation
For each Recommendation, assessors should conclude the extent to which a country complies (or not) with the standard. There are four possible levels of compliance:
- Compliant (there are no shortcomings)
- Largely compliant (there are only minor shortcomings)
- Partially compliant, and (there are moderate shortcomings)
- Non-compliant (There are major shortcomings)
In October 2018, the FATF strengthened its Recommendation 15 (R15) to address Virtual Assets (VAs) and VASPs. Recommendation 15 pertains to new technologies and virtual assets/virtual asset service providers (VA/VASPs) are covered under this.
Criteria 15.3 to 15.11 deal extensively with VA/VASPs and observations made in India’s MER is listed below:
| Recommendation | Observation |
| 15.3
(Identifying and assessing risks) |
India has carried out a sectoral risk assessment (SRA) of VAs and VASPs to identify and assess the ML/TF risks emerging from VAs and the activities or operations of VASPs, covering all VASP activities described in the FATF Glossary. The SRA was issued in February 2023, which was before India regulated the activity of VASPs and submitted them to registration.
Considering the fast-paced developments in the sector following the conclusion of the SRA, including India’s decision to submit the sector to registration, the SRA is already outdated. India plans to review the SRA on an annual basis. However, India continues to identify and assess ML and TF risks arising from VAs and VASPs through other means. Risk understanding is being informed by the VASP supervisor, Financial Intelligence Unit-India (FIU-IND) regular engagement with Law Enforcement Authorities (LEA) in the monthly meetings of the virtual assets contact group, and through meetings of the sub-working group on Peer-2-Peer transactions and cybercrimes which is attended by VASPs and other Financial Institutions (FI). |
| 15.4 (License and registration of VASPs; preventing criminals from holding or being a beneficial owner or holding a management function in a VASP) | As per the Ministry of Finance notification of March 7, 2023, persons that carry out the following activities for or on behalf of another natural or legal person in the course of business are Reporting Entities (REs): exchange between virtual digital assets and fiat currencies; exchange between one or more forms of virtual digital assets; transfer of virtual digital assets; safekeeping or administration of virtual digital assets or instruments enabling control over virtual digital assets; and participation in and provision of financial services related to an issuer’s offer and sale of a virtual digital asset.
Virtual Digital Assets are also defined under the Income Tax Act. The MOF and FIU-IND notifications are activity based. Any person including a legal person providing the listed services from India are subject to registration requirements and this would include VASPs that are legal persons created in India. Natural persons carrying out a ‘VASP activity’ from India are required to register in India. Pursuant to Standard Operating Procedure (SOP) for Registration of VASPs, following the electronic request for registration at FIU-IND’s portal, FIU-IND organises an in-person meeting with the VASP proposed Designated Director and Principal Officer to understand the VASP business model, as well as their level of understanding of compliance requirements. There are no express provisions for checks to identify criminal associates and to prevent criminals or their associates from being a beneficial owner of a VASP; however, there is a general provision noting “background or antecedent verifications through various databases/sources of information” would be conducted. Checks are performed with access to multiple databases such as the National Crime Records Bureau and Central Economic Intelligence Bureau. |
| 15.5 (Identify natural or legal persons that carry out VASP activities without the requisite license or registration and apply appropriate sanctions to them) | FIU-IND, LEAs, tax authorities and Indian Cyber Crime Coordination Centre (I4C) take action to identify legal persons that carry out VASP activities without the requisite licence or registration. FIU-IND uses market intelligence, social media and public source scraping to identify unregistered VASPs.
So far it has detected 11 unregistered VASPs which were approached for registration, 7 of which are fully registered and the remaining 4 are undergoing registration. LEAs have also identified three unregistered VASPs and were reported to FIU-IND. Since then, these VASPs also complied with registration requirements. FIU-IND can impose the sanctions specified in section 13 of the Prevention of Money Laundering Act (PMLA) to unregistered VASPs. In addition, the FIU-IND can request India’s Ministry of Electronics and Information Technology to block the URLs of persons carrying out VASP activities without registration. |
| 15.6 (Adequate regulation and risk-based supervision or monitoring by a competent authority; adequate powers to impose a range of disciplinary and financial sanctions, including the power to withdraw, restrict or suspend the VASP’s license or registration, where applicable) | VASPs are subject to regulation and systems for monitoring and ensuring compliance with AML/CFT requirements. The supervisory authority, FIU-IND, conducts risk-based supervision of VASPs, which have been categorised based on their ML/TF risks according to Standard Operating Procedure (SOPs) and a risk-matrix developed by FIU-IND.
FIU-IND has adequate powers to supervise and ensure compliance by VASPs with requirements to combat ML/TF, by conducting inspections, compelling the production of information and imposing a range of disciplinary and financial sanctions, among others. FIU-IND can deny or cancel registrations of VASPs that fail to comply with the provisions of the PMLA. |
| 15.7 (Guidelines and providing feedback to VASPs) | India issued the AML/CFT Guidelines to VASPs, to assist this sector applying national AML/CFT measures, and, in particular, detecting and reporting suspicious transactions. FIU-IND also provided feedback, which assisted VASPs in applying national measures to combat ML/TF.
A feedback session was conducted on 25 May 2023 to newly onboarded VASPs on general and specific obligations, including reporting obligations, National Risk Assessment (NRA) findings and, monitoring of transactions and periodic risk assessment. |
| 15.8 (Range of proportionate and dissuasive sanctions for non-compliance for VASPs, their directors and senior management) | The Director of FIU-IND may impose a series of a range of sanctions, including monetary sanctions if VASPs fail to observe the recordkeeping requirements or to provide the Director of FIU-IND with access to information that he or she considers necessary for the purposes of the PMLA. Monetary sanctions range from INR 10000 to INR 100000 for each failure. The FIU Director can also cancel the registration of VASPs not fulfilling their PMLA obligations.
For targeted financial sanctions (TFS), where there is indication of sufficient knowledge or participation in violation of TFS, the Unlawful Activities (Prevention) Act penalties would apply which are proportionate and dissuasive. However, as noted under R6 and R7, it is not clear to what extent VASPs can be administratively sanctioned for breaches of TFS obligations. The sanctions established under the PMLA are applicable both to VASPs and designated directors or employees, where in the course of any inquiry, the Director finds that an RE or its designated director or any of its employees has failed to comply with CDD and other obligations imposed. |
| 15.9 (Transaction threshold for conducting customer due diligence; obtain and hold originator-beneficiary information) | VASPs are subject to the requirements specified in the PMLA/ PML Rules in the same manner as financial institutions, as set out in R10 to 21, and are subject to the same shortcomings.
India requires VASPs to conduct customer due diligence in occasional transactions of INR 50000 or more. VASPs are subject to travel rule requirements in accordance with R16. There are no specific provisions requiring that the same obligations apply to financial institutions when sending or receiving virtual asset transfers on behalf of a customer, as required under c.15.9 (iv). However, financial institutions in India have not been given license or authorisation to send or receive virtual assets. |
| 15.10 (Targeted financial sanctions) | The obligations under section 51 of Unlawful Activities (Prevention) Act and section 12A of the Weapons of Mass Destruction and Their Delivery Systems (Prohibition of Unlawful Activities) Act and the targeted financial sanctions framework based on the relevant Office Memorandum thereunder (see R6 and 7) apply to VASPs.
FIU-IND also provides updates to the terrorist financing and proliferation financing-related targeted financial sanctions lists which are forwarded to the Reporting Entities registered with FIU-IND through Financial Intelligence Network (FINNET). |
| 15.11 (International cooperation) | A wide range of international cooperation may be provided to countries relating to VASPs, pursuant to sections 58, 58A, 58B and 60 of the Prevention of Money Laundering Act.
FIU-IND may exchange information with foreign financial intelligence units through the Egmont Group, and foreign LEAs through informal international co-operation, in the sense of R40. India has not demonstrated that FIU-IND is able to exchange information with foreign supervisors (in their capacity as a supervisor) on VASP related matters. |
Sources: FATF Methodology and India Mutual Evaluation Report
Overall observations and Technical Compliance Rating
The VASP Sectoral Risk Assessment carried out before the incorporation of the sector to AML/CFT obligations, is somewhat outdated and limited in scope. There are requirements to prevent criminals from owning or controlling or holding a management function in a VASP, but they do expressly not provide for checks to identify criminal associates and to prevent criminals or their associates from being a beneficial owner of a VASP.
VASPs are subject to risk-based AML/CFT supervision. Sanctions may not be sufficiently dissuasive for larger businesses. Guidance provided to the sector is adequate and India brought in requirements to implement the travel rule. India has not yet established channels for international cooperation with other VASP supervisors.
Recommendation 15 is rated Largely Compliant.
To know the status of R15 compliance across jurisdictions, do read the fifth ‘Targeted Update on Implementation of the FATF Standards on VAs and VASPs’ published in July this year. According to the update, three quarters of jurisdictions (75%; 97 of 130) are only partially or not compliant with R.15.
CoinSwitch’s Commitment to AML/CFT Compliance and our Role in India’s FATF ME
Our first discussion with the Department of Revenue, Ministry of Finance, on the important topic of anti-money laundering (AML) risks in the Virtual Digital Assets (VDA) sector in August 2022 was very productive, and from thereon, in response to requests and rationale from CoinSwitch and the industry, the Ministry issued a notification dated March 7, 2023 to bring all transactions involving VDAs under the ambit of Prevention of Money Laundering Act (PMLA).
VDAs have been defined under Section 2 clause (47A) of the Income Tax Act, 1961. All entities that deal with VDAs are covered within the definition of Reporting Entities (REs) and are now subject to strict compliances such as undertaking KYC norms of clients and beneficial owners, undertaking due-diligence on transactions facilitated by VDA service providers in relation to VDAs and maintaining transaction related records. The notification was issued in the run up to the onsite visit as part of India’s Financial Action Task Force (FATF) Mutual Evaluation exercise in November 2023.
As part of our commitment to transparency and consumer protection, two crypto asset service providers of PeepalCo—Bitcipher labs LLP and Nextgendev Solutions Pvt Ltd—are registered as reporting entities with Financial Intelligence Unit-India (FIU-IND).
CoinSwitch is also one of the earliest members of the Alliance of Reporting Entities in India For AML/CFT, or ARIFAC. This will enable us to collaborate better with other AML/CFT reporting entities in India such as banks, non-banking financial companies, and payment aggregators to bring more transparency to the industry.
We are also a member of the Permanent Working Group for PMLA Compliance of Virtual Digital Asset Service Providers Reporting Entities constituted by FIU-IND where we collaborate on a wide range of issues.
In recognition of our contributions to India’s Mutual Evaluation by the Financial Action Task Force (FATF), CoinSwitch was specially invited by the Department for Revenue to a celebratory dinner for India’s successful completion of this long and rigorous assessment.
R Venkatesh, SVP and Head – Public Policy, CoinSwitch also got the opportunity to interact with the Hon’ble Finance Minister Nirmala Sitharaman where we explained our work in line with India’s AML/CFT rules and thanked her for her leadership and support.
We remain committed to further strengthening India’s AML/CFT framework and continuing our collaboration with the industry, government and regulators to combat financial crimes. We will continue our work on the shared goal to build a secure and transparent financial environment for all.
