Driven by excellence, focused on strategies for the longer term.

This is the crux of who we are. It is an articulation of precision in purpose, from the Firm’s beginnings to where we are today. Our collective eye is unerringly trained on tomorrow.

Deep sectoral expertise across services and industries.

Our insistence on strategic advisory exacts an in-depth understanding of and involvement with our clients’ businesses and industries. We engage not just individual businesses, but also contribute to the country’s legal and regulatory frameworks.

Personal commitment supported by experience and grit.

We commit early. We pull together internally for greater support. Every effort is sincere, every individual deeply dedicated to their task, their role, to the Firm.

Our undertakings for long-term impact are an organic extension of our purpose.

They are to employ our deep knowledge of the law beyond the business, the transaction, the deal. To use the opportunities and skills we possess, to reflect on the culture we’re creating. Individually and collectively, these are our efforts to help shape the thinking of our future generations, and arm them with strategies for true, sustainable growth.

Knowledge-sharing is intrinsic to equity and inclusivity.

This is a repository of thought leadership, deep insights and strong viewpoints, legal and other news and events and how they impact the industry and our clients.

Relevance is critical to growth. It necessitates a firm that is dynamic and responsive.

Amplifying intrinsic talent, sharpening skills, expanding knowledge, is vital to leading. It defines every aspect of how our firm functions and transacts. This is how we create new benchmarks and set industry standards.

  • Connect
Aug 18, 2023

The Indian Anti-Money Laundering Regime: New Compliance Obligations Around Virtual Digital Assets

Introduction

Crypto-based assets continue to keep regulators across the world on their toes. The race to develop effective regulation for the ever-evolving range of crypto- based assets is riddled with roadblocks; the basic challenges being imposing a uniform classification on them within the broader class of digital assets and regulating them both responsibly and effectively.

India has adopted a broad definition to cover crypto-based assets: virtual digital assets (VDAs). VDAs are defined as assets representing a certain value created using encryption or other methods, including unique digital items such as non-fungible tokens (NFTs).

“VDA-related REs will now have to actively, and as a legal obligation, assist the Directorate of Enforcement in its investigations.”

There is currently no specific law in India on the regulation of VDAs. India’s banking regulator – the Reserve Bank of India (RBI), in April 2018, did try to limit the circulation of VDAs in the Indian financial ecosystem. The RBI restrained banks and other entities regulated by the RBI from providing services to entities dealing in VDAs (virtual currencies at that time). The RBI’s direction and power to regulate VDAs were challenged before the Supreme Court, which struck down the RBI’s April 2018 circular as being disproportionate. The Supreme Court, however, upheld the RBI’s power and authority to regulate virtual currencies.

More recently, the Ministry of Finance released a notification in March 2023 under the Prevention of Money Laundering Act, 2002 (PMLA) that introduces reporting obligations on businesses dealing with VDAs (the “March 2023 Notification”).

PMLA Notification – Increasing the Net of Reporting Entities

The PMLA imposes reporting and compliance obligations on “reporting entities” (REs). REs include banks, financial institutions, and entities carrying on designated business activities (identified by the Ministry of Finance). The March 2023 Notification expanded the list of designated businesses – a person or entity carrying on the activities outlined in the table below in the course of business is now an RE under the PMLA regime:

Section No.Activities designated under the March 2023 NotificationCoverage
3.00Transfer of VDAsVDA transfer services: provide services to transfer VDAs between individuals or entities, similar to money transfer services
4.00Safekeeping or administration of VDAs or instruments enabling control over VDAsVDA custodians and wallet providers: offer safekeeping or administration services for VDAs, including digital wallets that enable users to store, manage, and control their VDAs
5.00Participation in and provision of financial services related to an issuer’s offer and sale of a VDAFinancial service providers for VDAs: participate in or provide financial services related to an issuer’s offer and sale of a VDA, such as initial coin offerings, token sales, or other fundraising methods involving VDAs or platforms servicing VDA-based lending and borrowing
1.00Exchange between VDAs and government-issued currenciesCryptocurrency exchanges: facilitate the buying, selling, or trading of VDAs for fiat currencies (like US dollars or Indian rupees) or other VDAs
2.00Exchange between one or more forms of VDAsCryptocurrency exchanges: facilitate the buying, selling, or trading of VDAs for fiat currencies (like US dollars or Indian rupees) or other VDAs

The business activities added under the ambit of REs are the same activities identified by the Financial Action Task Force under the definition of “Virtual Asset Service Provider” in its recommendations on combating money laundering and terror financing.

Compliance and Reporting Obligations

REs are subject to a significant number of compliance and reporting obligations. These include various requirements under the PMLA which are inter-linked with regulations and directions issued by the RBI. Although crypto-exchanges have usually followed know your customer (KYC) standards and diligence for their customers, the compliance obligations are now a “must-have”, rather than the “good-to-have” they were before. These obligations include the following:

  • Maintaining records of transactions: REs are required to maintain a record of specified transactions in such a manner as to enable them to reconstruct each individual transaction. The specified transactions include cash transactions of a value exceeding INR1 million (monthly aggregate), cross-border transfers exceeding INR 500,000 or suspicious transactions irrespective of value.
  • Maintaining records of customers: REs have to maintain documents evidencing the identities of their clients and beneficial owners as well as account files and business correspondence relating to their clients.
  • Identifying senior employees for compliance purposes: REs have to designate a director and separately appoint a “principal officer” to ensure overall compliance with reporting obligations.
  • Verifying customer identity: REs have to follow and implement KYC guidelines to accurately ascertain the identity of their customers and also the “‘beneficial owners.” Identity and beneficial owner verification has to be done not only at the time of commencement of the RE-customer relationship but also when the customer carries out a transaction in excess of INR50,000 or any cross-border money transaction.
  • Additional verification of specified transactions: REs have to conduct enhanced due diligence (EDD) prior to the commencement of certain specified transactions, failing which such transactions must be stopped. EDD measures include verifying identity, examining the ownership and financial position as well as the source of funds, and recording the purpose of the transaction.
  • Reporting to the Financial Intelligence Unit-India (FIU-I): REs have to furnish necessary information relating to all transactions in the prescribed format to FIU-I on a monthly basis. In addition, REs have to regularly and continuously oversee and report suspicious transactions to FIU-I.

The enforcement authority (an officer empowered under Section 49(1) of the PMLA) can inquire about the status of compliance or conduct audits of the RE’s records. The enforcement authority, if it is of the opinion that an RE is non-compliant, may direct the RE to comply with specific instructions, direct the RE to increase reporting obligations or impose a monetary penalty on the RE. More importantly, VDA-related REs will now have to actively, and as a legal obligation, assist the Directorate of Enforcement (the entity responsible for enforcing economic laws and fighting economic crime in India) in its investigations by providing information and documents.

Conclusion: The Challenges Ahead

Although the above list of obligations is not exhaustive, it clearly reflects the need to implement adequate processes to ensure compliance. For instance, REs need to maintain records of customers and all transactions for a period of five years. This will require an increase in security and storage capacity, and subsequent compliance with privacy and data localisation (RBI requires end-to-end data on transactions to be stored in India) obligations.

Similarly, monitoring all transactions on an exchange to adequately identify suspicious transactions requires advanced system and oversight capabilities. Indian regulators may even consider all VDA transactions as high risk due to their potential anonymity and cross-border aspects. Consequently, even regular day-to-day VDA activities may be seen as potentially suspicious or high-risk transactions requiring constant monitoring and EDD measures. These compliance obligations are onerous and unhelpfully ambiguous.

There has been a disconnect between the enforcement authorities and the industry in the recent past on which activities invite RE compliance obligations. For instance, the FIU-I held that PayPal (a technology interface not handling funds) is an RE under the PMLA and imposed a monetary penalty on PayPal for alleged violations of compliance and reporting obligations. PayPal challenged the FIU-I’s decision before the Delhi High Court. The Court held that PayPal is an RE under the PMLA required to maintain records and furnish information on transactions. The court reasoned that regulatory authorities must be empowered “to view and analyse all aspects of data connected with a particular transaction” in order to effectively fight against money laundering. Following this judgment, a technology interface or system with enables payment between a payer and a beneficiary will be treated as an RE under the PMLA.

The March 2023 Notification substantially increases the cost and compliance burden on exchanges, wallet providers, and other service providers dealing in VDAs. It hits anonymity (a key factor in the popularity of VDAs), and would require consistent, costly, and canonical disclosures of VDA transactions. VDA-related REs will have to build and implement adequate processes and infrastructure akin to banks to not only track and comply with the requirements but go above and beyond to safeguard themselves from the potentially onerous expectations of enforcement authorities.

AUTHORS & CONTRIBUTORS

TAGS

SHARE

Subscribe

DISCLAIMER

These are the views and opinions of the author(s) and do not necessarily reflect the views of the Firm. This article is intended for general information only and does not constitute legal or other advice and you acknowledge that there is no relationship (implied, legal or fiduciary) between you and the author/AZB. AZB does not claim that the article's content or information is accurate, correct or complete, and disclaims all liability for any loss or damage caused through error or omission.

RELATED READING

Publications

India: CCI looks to build a culture of compliance through rigorous cartel regulation

Apr 19, 2024 | Competition / Antitrust
Publications

Criteria for admission of Section 7 applications under the IBC – What’s the legal position?

Apr 17, 2024 | Dispute Resolution Restructuring & Insolvency
Publications

Draft Directions – Changes in regulatory framework for Payment Aggregators (PAs)

Apr 17, 2024 | Financial Services & FinTech