On March 7, 2023, the Union Finance Ministry published a gazette notification expressly bringing virtual digital assets and entities dealing in such assets [commonly termed as Virtual Asset Service Providers (“VASPs”)] within the purview of the Prevention of Money Laundering Act, 2022 (“PMLA”). As per the notification, the following activities (if carried out for or on behalf of another person in the course of business) will be covered under the PMLA:
- exchange between virtual digital assets and fiat currencies;
- exchange between one or more forms of virtual digital assets;
- transfer of virtual digital assets;
- safekeeping or administration of virtual digital assets or instruments enabling control over virtual digital assets; and
- participation in and provision of financial services related to an issuer’s offer and sale of virtual digital asset
By inclusion of the aforementioned activities within the scope of Section 2(1)(sa) of the PMLA, the business offering such activities will qualify as ‘person carrying on designated business or professional’, and in turn qualify as a ‘reporting entity’ as per the PMLA. Reporting entities must adhere to the same reporting requirements and know-your-customer (KYC) requirements as other regulated entities including banks, securities intermediaries, payment system operators, etc. In cases of suspicious activities involving virtual digital assets, the reporting agencies will have to report such activities to the Financial Intelligence Unit India (FIU-IND) and the Enforcement Directorate has the authority to investigate such matters.
Compliances for VASPs
VASPs will be required to adhere to the requirements as prescribed under the PMLA and the Prevention of Money-Laundering (Maintenance of Records Rules), 2005 (“PML Rules”).
The obligations to be adhered to by the VASPs include:
Client Due Diligence
As per Rule 9 of PML Rules on “Client Due Diligence”, ‘reporting entities’ are required to identify their clients, confirm their identification, and gather information on the purpose and intended nature of the business relationship at the commencement of an account-based relationship. The statute also prescribes that its mandatory to ascertain whether a client is representing a beneficial owner and if so, identify that owner, and take all necessary measures to verify that person’s identity.
A user is required to submit inter alia the following documents to the VASPs as mandated by the PML Rules:
- the Aadhar number
- and such other documents including in respect of the nature of business and financial status of the client as may be required by the VASPs.
Additionally, it is now mandatory for VASPs to register with the Central KYC Registry and file an electronic copy of their users’ KYC records with the registry within 10 days of the commencement of their account-based relationship.
Ongoing Due Diligence
As per Rule 9(12)(1) of the PML Rules, every VASP will be required to exercise ongoing due diligence with respect to the business relationship with every client and examine the transactions in order to ensure that they are consistent with their knowledge of the client, his business and risk profile and where necessary, the source of funds.
Whenever any suspicious activity comes to the knowledge of the reporting entity or where there are doubts about the adequacy or veracity of previously obtained client identification data, the reporting entity shall review the due diligence measures being used by them.
Any change that is inconsistent with the usual and anticipated actions should be brought to the VASP’s attention for further ongoing due diligence processes and any appropriate action. The reporting entities are not only required to put in place due diligence measures for new users but also for existing clients on the basis of materiality and risk.
Maintenance of the record of transactions
As per the PML Rules, the VASPs will now be required to maintain records of all transactions for a period of five years from the date of the transaction.
Further, the documents evidencing identity of the clients and the beneficial owners as well as account files and business correspondence relating to its clients shall be maintained for a period of five years after the business relationship between a client and the reporting entity has ended or the account has been closed, whichever is later
Each VASP must appoint a principal officer and a director and their name, address, and designation must be communicated to the FUI-IND. Every 15th day of the month, the principal officer is required to provide certain information to FIU-IND, including all the details on any international transfers worth more than INR 5,00,000 or the equivalent in another currency. Additionally, it must provide FIU-IND with information on any suspicious transactions within 7 working days after concluding that the transaction is suspicious.
It is a landmark step by the Government to bring entities involved in dealing with virtual digital assets within the purview of the PMLA. While there will be additional compliance burden on such entities, it’ll go a long way in ensuring that such platforms are not used for illegal transactions. Moreover, with the hefty amount of penalties prescribed under the statute, VASPs are bound to take these compliances seriously. This step will also add to the transparency of activities in this sector, which has been previously accused of being used for unscrupulous transactions.