Market News

FIU-IND Tightens Crypto Rules, Mandates Cybersecurity Audits

FIU-IND has tightened crypto oversight by formalising the Principal Officer role and mandating CERT-In cybersecurity audits.

Written By:
Dishita Malvania
FIU-IND Tightens Crypto Rules, Mandates Cybersecurity Audits

Key Highlights

  • FIU-IND has issued updated compliance guidelines for crypto and VDA firms operating in India.
  • Mandatory CERT-In cybersecurity audits and clearer Principal Officer responsibilities introduced.
  • Travel Rule norms tightened, with added scrutiny on unhosted wallet and P2P transactions.

The Financial Intelligence Unit of India (FIU-IND) has issued updated guidelines for crypto and virtual digital asset (VDA) companies, tightening compliance norms around governance, cybersecurity, and transaction monitoring.

The guidelines apply to crypto exchanges and VDA service providers registering or operating in India. The move comes as FIU continues to widen its oversight over crypto platforms.

Principal officer role spelt out

A key part of the update focuses on the Principal Officer (PO).

FIU-IND has clearly defined the role, responsibility, and reporting structure of the PO. The officer will be responsible for anti-money laundering, countering the financing of terrorism, and counter-proliferation financing obligations.

The PO must report directly to the board of directors or a board-level committee. The guidelines also state that the board must review the PO’s appointment every year.

For many exchanges, this puts formal structure around a role that earlier existed largely on paper.

Cybersecurity audit is now mandatory

The updated guidelines also make cybersecurity audits compulsory.

Crypto firms will now have to submit a Cyber Security Audit Certificate issued by an auditor empanelled with CERT-In. The audit must confirm compliance with CERT-In directions and applicable cybersecurity standards.

“The audit shall be comprehensive and proportionate in coverage across all critical risk domains, and the audit report shall certify whether the audited environment is adequately safe to host and operate the notified VDA activities,” the guidelines said.

The audit will cover governance controls, access management, infrastructure and network security, application security for KYC and transaction monitoring systems, wallet security, cryptographic controls, backup and recovery, and third-party risks involving cloud services and APIs.

Incident response capability and readiness to report to CERT-In will also be reviewed.

Travel rule and unhosted wallet transactions

FIU-IND has also clarified how crypto firms must implement travel rule requirements.

VDA service providers will have to collect and maintain detailed originator and beneficiary information for each transaction. The data must be verified and transmitted before or during a transfer.

The guidelines also require exchanges to carry out due diligence and sanction screening on counterparties.

A notable addition is the treatment of unhosted wallets. Reporting entities must collect information on transactions involving unhosted wallets, assess the risk, and apply enhanced due diligence measures where needed. This applies to peer-to-peer transfers that pass through an exchange as well.

Industry reaction

Industry players say the guidelines largely formalize existing expectations.

“This isn’t just a compliance update; it’s a strategic signal that India is ready to lead in the digital asset space through a balanced approach of innovation and financial stability…From an investor standpoint, this oversight transforms VDA platforms into accountability-driven entities,” said Sumit Gupta, Co-founder, CoinDCX.

“These rules were always around as best business practices to follow, but now FIU has put this in pen and paper,” said Vikram Subburaj, Co-founder and CEO, Giottus.

Subburaj said the guidelines clearly explain the responsibilities of roles like the Principal Officer and provide operational clarity on how travel rule data must be collected and processed.

Part of a broader enforcement push

The updated guidelines come days after FIU-IND brought 49 crypto exchanges under its oversight, expanding compliance requirements to a wider set of platforms, including offshore exchanges serving Indian users.

This has increased pressure on exchanges to align fully with Indian AML and reporting norms.

At the same time, the industry is watching the Union Budget 2026 closely. There is growing expectation that clarity on taxation and compliance could help bring crypto trading activity back to India, after volumes shifted offshore over the last few years.

What users are still asking

Many users are still unclear about how these changes affect them.

Unhosted wallets and peer-to-peer transfers are not banned. However, users may see additional verification, data collection, or delays for certain transactions, especially when exchanges flag higher risk.

Another concern is whether smaller exchanges can absorb the cost of audits and compliance. Over time, the tighter rules could lead to fewer but more regulated platforms operating in India.

For now, FIU-IND’s message is simple: crypto businesses can operate, but only under strict monitoring and reporting standards.

Also Read: India’s IT Dept. Flags Crypto Risks, Users Face Higher Scrutiny

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Dishita Malvania - Senior crypto journalist at The Crypto Times
By Dishita Malvania
Follow:
Dishita Malvania is a Crypto Journalist with 3 years of experience covering the evolving landscape of blockchain, Web3, AI, finance, and B2B tech. With a background in Computer Science and Digital Media, she blends technical knowledge with sharp editorial insight. Dishita reports on key developments in the crypto world—including Litecoin, WazirX, Solana, Cardano, and broader blockchain trends—alongside interviews with notable figures in the space. Her work has been referenced by top digital media outlets like Entrepreneur.com, The Independent, The Verge, and Metro.co, especially on trending topics like Elon Musk, memecoins, Trump, and notable rug pulls.

Latest News

IronWorm Malware Targets Web3 Developers via Compromised npm Packages
IronWorm Malware Targets Web3 Developers via Compromised npm Packages
Korea Investment to Add SpaceX Shares Ahead of IPO Debut
Korea Investment to Add SpaceX Shares Ahead of IPO Debut
Today in Crypto: Bitcoin Dips Toward $62K on Continued ETF Outflows, US Sanctions Iran’s Nobitex and More
Today in Crypto: Bitcoin Dips Toward $62K on Continued ETF Outflows, US Sanctions Iran’s Nobitex and More
Peter Schiff, CEO and Chief Global Strategist of Euro Pacific Asset Management
Peter Schiff Says USDT Market Cap Will Surpass Bitcoin and Ethereum
US Lawmakers Kevin Mullin and Gabe Vasquez
US Lawmakers Urge FTC to Investigate Kalshi & Polymarket’s Practices

Find Us on Socials

You may also like