.png)
What is FIU-IND?
The Financial Intelligence Unit - India (FIU-IND) is India's national agency responsible for receiving, processing, analysing, and disseminating information relating to suspect financial transactions and activities. It was established on 18 November 2004 by the Government of India under the Ministry of Finance as India's financial intelligence and anti-money laundering (AML) body.
FIU-IND functions as India's financial intelligence hub - the central point for collection and analysis of Suspicious Transaction Reports (STRs), Cash Transaction Reports (CTRs), Cross Border Wire Transfer Reports (CBWTRs), and other financial intelligence from Reporting Entities (REs) across the banking, insurance, securities, and now virtual assets sectors.
FIU-IND is India's national nodal agency for financial intelligence under the FATF framework - coordinating with international FIUs through the Egmont Group
Receives STRs, CTRs, CBWTRs, and other transaction reports from Reporting Entities - analyses patterns to detect money laundering, terrorism financing, and financial crime
Disseminates analysed intelligence to law enforcement - including ED (Enforcement Directorate), CBI, Income Tax, and intelligence agencies - to support prosecutions under PMLA
India is a member of the Egmont Group of Financial Intelligence Units - enabling exchange of financial intelligence with FIUs across 170+ countries for cross-border investigations
Legal Basis: FIU-IND's mandate derives from the Prevention of Money Laundering Act, 2002 (PMLA), particularly Chapter IV (Obligations of Banking Companies, Financial Institutions and Intermediaries) and the PMLA Rules 2005. Registration with FIU-IND is a statutory obligation - failure to register and comply is a criminal offence under PMLA.
Role of FIU-IND in India's AML Framework
FIU-IND sits at the centre of India's three-tier AML/CFT architecture. At the regulatory tier, sector regulators (RBI, SEBI, IRDAI, PFRDA, and the Ministry of Finance for VASPs) set AML standards for their respective sectors. At the compliance tier, Reporting Entities implement AML programmes and file transaction reports. At the intelligence tier, FIU-IND aggregates, analyses, and disseminates intelligence to enforcement agencies.
Who Must Register with FIU-IND?
Under Section 12 of the PMLA, 2002, every Reporting Entity (RE) is obligated to maintain records of transactions, furnish information of suspicious transactions, and register with FIU-IND. The term "Reporting Entity" is defined broadly under Section 2(wa) of PMLA to include a wide range of financial sector participants.
All scheduled commercial banks, cooperative banks, regional rural banks, foreign banks operating in India, payments banks, and small finance banks regulated by RBI
Stock brokers, sub-brokers, share transfer agents, merchant bankers, underwriters, mutual fund intermediaries, investment advisers - all SEBI registered entities
Life insurance companies, non-life insurers, insurance brokers, insurance repositories, and insurance web aggregators - all IRDAI-regulated entities providing financial products
Non-Banking Financial Companies registered with the RBI that accept deposits or provide financial services - including microfinance institutions, housing finance companies, and asset finance companies
Crypto exchanges, NFT marketplaces, DeFi platforms, VA wallet providers, and any entity facilitating exchange, transfer, or safekeeping of virtual assets - brought into PMLA scope via March 2023 notification
Registration agents, real estate brokers, and property developers involved in transactions above prescribed thresholds - particularly relevant for cash-heavy property transactions
Dealers in gold, silver, diamonds, and other precious stones or metals where transactions exceed INR 10 lakh - including jewellers, bullion traders, and refiners
Chartered accountants, company secretaries, cost accountants, lawyers, and notaries when carrying out certain financial or company formation activities on behalf of clients
VASPs & Crypto Exchanges Under PMLA
The most significant development in India's FIU-IND registration landscape in recent years is the March 2023 notification by the Ministry of Finance (MoF) bringing Virtual Asset Service Providers (VASPs) within the scope of the Prevention of Money Laundering Act, 2002. This notification, issued under Section 2(1)(sa) of PMLA, added "virtual assets" and VASPs as a reporting category - making India one of the first major economies to formally bring crypto exchanges under its AML framework.
Key Date: The Ministry of Finance Gazette Notification dated 7 March 2023 (S.O. 1072(E)) formally brought VASPs - including crypto exchanges, NFT platforms, and VA wallet providers - within PMLA's definition of Reporting Entities, making FIU-IND registration mandatory for all such entities operating in India or providing services to Indian customers.
What Constitutes a Virtual Asset Service Provider?
Centralised exchanges facilitating buy/sell/exchange of virtual assets against fiat or other virtual assets - the most directly impacted category. Entities like Binance India, WazirX, CoinDCX, ZebPay, and all domestic exchanges must register with FIU-IND.
Platforms enabling the creation, buying, selling, or transfer of non-fungible tokens where such NFTs constitute "virtual assets" as defined under PMLA - including platforms facilitating secondary market NFT trading with real monetary value.
Custodial wallet providers that hold or control VA private keys on behalf of customers - providing safekeeping, transfer, or management of virtual assets - must register as VASPs under PMLA.
Platforms facilitating peer-to-peer virtual asset transfers, cross-border VA remittances, or VA lending and borrowing services where the platform intermediates or enables the transaction.
Entities that participate in or facilitate initial digital/token offerings, SAFT arrangements, or token distribution on behalf of issuers - particularly where VA transfers are involved and Indian retail participants are targeted.
Enforcement Action on Offshore VASPs: FIU-IND issued show-cause notices and compliance directions to several offshore crypto exchanges (including Binance, Kraken, KuCoin, OKX, and Huobi) in December 2023 for operating in India without FIU-IND registration. These exchanges were subsequently blocked by India's Ministry of Electronics and Information Technology (MeitY). This demonstrates that the FIU-IND registration requirement applies to foreign entities actively marketing or providing services to Indian customers - not just domestically incorporated entities.
FIU-IND Registration Process
FIU-IND registration is conducted through the FINnet Gateway portal (Financial Intelligence Network) - FIU-IND's online submission and registration platform. The process is entirely online and does not require physical filing, though supporting documentation must be prepared carefully.
Entity Assessment & Eligibility Confirmation
Determine whether your entity falls within the definition of a Reporting Entity under PMLA and which category applies (banking company, NBFC, VASP, securities intermediary, etc.). Confirm the applicable sector regulator (RBI, SEBI, IRDAI, or MoF for VASPs) and any sector-specific AML guidelines issued by that regulator.
Appoint a Principal Officer (PO) & Designated Director
Under PMLA Rule 2(f), every Reporting Entity must designate a Principal Officer - a senior management individual responsible for overseeing AML/CFT compliance, filing transaction reports with FIU-IND, and acting as the primary contact for FIU-IND communications. The Principal Officer's details are submitted during FIU registration and must be kept current.
Prepare AML/KYC Policy & Programme
Before registration, the entity must have a Board-approved AML/CFT policy in place, a written KYC programme, and documented transaction monitoring procedures. FIU-IND may request these documents during or after registration. The AML policy should be aligned with both PMLA Rules and the applicable sector regulator's AML Master Directions.
Access FINnet Gateway & Create Account
Navigate to the FINnet Gateway portal (finnet.gov.in / fiuindia.gov.in). Create a Reporting Entity account by registering with your entity's PAN, CIN, and principal officer details. The system will issue login credentials for the Reporting Entity's online portal account, through which all future FIU-IND filings will be made.
Submit Registration Application
Complete the online registration form with: entity details (name, PAN, CIN, registered address, nature of business), sector regulator details (registration number with RBI/SEBI/IRDAI/MoF), Principal Officer details (name, designation, contact, PAN), and upload required supporting documents. FIU-IND will review and issue a Unique Registration Number (URN) upon approval.
Configure Reporting Systems & Begin Compliance
Post-registration, configure your transaction monitoring system to generate and submit reports in FIU-IND's prescribed format. Establish your STR, CTR, and CBWTR submission workflow. Ensure your team is trained on FIU-IND reporting obligations, thresholds, and timelines. Ongoing compliance - including annual review of AML policy, staff training records, and PO details - must be maintained continuously.
Documents Required for Registration
The following documents are typically required for FIU-IND registration. Requirements may vary slightly based on entity type and sector regulator.
| # | Document | Format | Applicability |
|---|---|---|---|
| 1 | Certificate of Incorporation / Registration Issued by ROC (MCA) for companies; registration certificate for partnerships/LLPs | All entities | |
| 2 | PAN Card of Entity Permanent Account Number of the Reporting Entity (company/firm PAN, not individual) | All entities | |
| 3 | Board Resolution for Principal Officer Appointment Signed Board resolution designating the Principal Officer under PMLA Rule 2(f) | All entities | |
| 4 | PAN & Identity Proof of Principal Officer PAN card and government-issued photo ID of the designated PO | All entities | |
| 5 | Sector Regulator Registration/Licence RBI/SEBI/IRDAI registration certificate; for VASPs, relevant MoF/GST registration evidence | Regulated entities | |
| 6 | AML/CFT Policy Document Board-approved AML/CFT policy covering KYC, transaction monitoring, STR filing, and training | All entities | |
| 7 | Memorandum & Articles of Association Latest MoA and AoA as filed with ROC; for VASPs, include digital/virtual asset activities in MoA | Companies | |
| 8 | GST Registration Certificate GSTIN registration - particularly relevant for VASPs as GST is collected on crypto transaction fees in India | Taxable entities |
Reporting Obligations Under PMLA
Once registered with FIU-IND, every Reporting Entity has ongoing statutory obligations to file transaction reports - on time, in the prescribed format, and through the FINnet Gateway. There are four primary report types, each with distinct triggers and filing deadlines.
Suspicious Transaction Report
Filed when a Reporting Entity has reason to believe that a transaction - regardless of amount - involves proceeds of crime, is linked to money laundering, or is related to terrorism financing. Covers both completed and attempted transactions.
Cash Transaction Report
Filed for cash transactions (deposits, withdrawals, exchanges, or payments) above the prescribed threshold within a single day. Both individual transactions and aggregated series of transactions exceeding the limit must be reported.
Cross Border Wire Transfer Report
Filed for all cross-border wire transfers of a specified amount or above, both inbound and outbound. Captures international money flows passing through Indian financial institutions and VASPs facilitating cross-border virtual asset transfers.
Counterfeit Currency Transaction Report
Filed by banking entities upon detection of counterfeit currency notes received in cash transactions. Less relevant for VASPs but mandatory for banking institutions and currency exchange entities.
Record Keeping Obligation: Under Section 12(1)(a) of PMLA, every Reporting Entity must maintain records of all transactions (above prescribed limits) for a minimum period of five years from the date of transaction. Records must be in a form and manner that enables reconstruction of individual transactions and be readily available to the competent authority on request.
AML/KYC Programme Requirements
In addition to transaction reporting, every Reporting Entity must implement a robust AML/KYC (Know Your Customer) programme under the Prevention of Money Laundering (Maintenance of Records) Rules, 2005. The programme must be Board-approved, documented, and operationally implemented.
Customer Due Diligence (CDD)
Verify identity of all customers at onboarding using officially valid documents (OVDs): Aadhaar, PAN, Passport, Voter ID, or Driving Licence. For businesses: verify beneficial ownership chain. KYC must be performed before establishing a business relationship or conducting transactions above prescribed thresholds.
Enhanced Due Diligence (EDD)
Higher-risk customers - Politically Exposed Persons (PEPs), non-face-to-face customers, customers from high-risk jurisdictions, and those with complex beneficial ownership structures - require enhanced due diligence. EDD involves additional information collection, senior management approval, and enhanced transaction monitoring.
Ongoing Transaction Monitoring
Implement a transaction monitoring system (TMS) that screens transactions against customer risk profiles, flags unusual patterns, and generates STR alerts. For VASPs, monitoring should include blockchain analytics tools to screen wallets against OFAC/UN/domestic sanctions lists and identify high-risk wallet addresses.
Risk-Based Approach (RBA)
India's PMLA requires a risk-based approach to AML/CFT - allocating compliance resources in proportion to assessed ML/TF risk. Maintain a documented risk assessment matrix covering customer types, products, geographies, and delivery channels. High-risk areas require more intensive controls; lower-risk areas may qualify for simplified due diligence (SDD).
Travel Rule Compliance (VASPs)
For Virtual Asset Service Providers, India has adopted the FATF Travel Rule - requiring VASPs to collect and transmit originator and beneficiary information for VA transfers above USD 1,000 equivalent. VASPs must implement a Travel Rule solution (e.g., Notabene, Sygna, or equivalent) and verify counterparty VASP registration before executing transfers.
AML Training Programme
Every Reporting Entity must conduct regular AML/CFT training for all relevant staff - covering red flags, reporting obligations, KYC procedures, and escalation processes. Training records must be maintained. At minimum, training should be conducted annually and for all new hires before they handle customer-facing activities.
Penalties for Non-Compliance
Non-compliance with FIU-IND registration obligations and PMLA reporting requirements carries severe consequences under the PMLA, 2002. FIU-IND has significantly increased enforcement activity following the 2023 VASP notification - with both domestic operators and offshore exchanges facing enforcement actions.
Where a Reporting Entity knowingly assists or is complicit in money laundering through failure to report or record transactions, criminal prosecution under Section 4 PMLA can result in rigorous imprisonment of 3 to 7 years (extendable to 10 years for certain offences) - applicable to both the entity and its responsible officers.
FIU-IND's Director may impose a monetary penalty of INR 10,000 per day of default, subject to a minimum of INR 10,000 and a maximum of INR 1,00,000 per failure to comply. For prolonged non-compliance, cumulative penalties escalate substantially. Post-2023 amendments have increased the penalty ceiling significantly.
Failure to maintain FIU-IND registration and PMLA compliance may trigger parallel action by the sector regulator (RBI, SEBI, IRDAI) - including suspension or cancellation of operating licences, imposition of business restrictions, and public censure orders. For VASPs, the MoF may recommend MeitY to block the platform's access in India.
Where FIU-IND intelligence indicates that proceeds of money laundering have passed through an unregistered entity, the Enforcement Directorate (ED) may attach the entity's property and bank accounts under Sections 5 and 8 of the PMLA - freezing business operations pending adjudication.
Offshore VASPs that service Indian customers without FIU-IND registration face the risk of MeitY blocking their domains and apps under the IT Act, 2000. This effectively cuts off access to Indian customers and has been used against several major global exchanges in 2023–24.
Frequently Asked Questions
Is FIU-IND registration the same as a crypto licence in India?
No. FIU-IND registration is an AML/CFT compliance obligation under PMLA - it is not a product licence or a permission to operate a crypto exchange. India does not currently have a standalone crypto or VASP operating licence regime (unlike Malta, Singapore, or Dubai). FIU-IND registration simply means your entity has formally acknowledged its AML/CFT obligations under PMLA and is enrolled to file transaction reports. A crypto exchange must separately obtain all applicable business registrations (company incorporation, GST, payment aggregator licence if accepting fiat payments, etc.).
Do offshore crypto exchanges serving Indian customers need to register?
Yes - according to FIU-IND's interpretation and enforcement actions in 2023–24. FIU-IND has taken the position that any VASP "actively marketing to or serving" Indian residents is subject to PMLA obligations, regardless of where the entity is incorporated. This is consistent with FATF's territorial approach to VASP regulation. Offshore exchanges that do not register risk being blocked by MeitY, as happened with Binance, KuCoin, Kraken, OKX, and others in December 2023–January 2024.
How long does FIU-IND registration take?
Typically 15–30 business days from submission of a complete application with all required documents. The primary delay factor is often preparation of the AML/CFT policy, Board resolution for Principal Officer appointment, and ensuring all supporting documents are in order. Where an entity has already prepared these documents as part of general compliance, the registration process itself can be completed in 2–3 weeks. The FINnet portal registration (creating an account) is near-instantaneous; it is the FIU-IND review and URN issuance that takes time.
What is the difference between FIU-IND registration and RBI/SEBI registration?
FIU-IND registration is an AML/CFT compliance-specific obligation under PMLA - all Reporting Entities must register regardless of their sector. RBI/SEBI/IRDAI registrations are sector-specific operating licences: a payment aggregator licence from RBI authorises you to aggregate payments; a stock broker registration from SEBI authorises you to execute trades. Both can be required simultaneously. For VASPs that are not directly regulated by RBI or SEBI, FIU-IND registration under MoF's 2023 notification is the primary regulatory touch-point - making it especially important for crypto-native businesses.
Does a DeFi protocol or non-custodial wallet need to register?
This remains an area of regulatory uncertainty in India. FIU-IND's 2023 notification and PMLA's definition of "virtual asset service provider" broadly tracks FATF's VASP definition - which targets entities that conduct VA activities "on behalf of another natural or legal person." Pure non-custodial protocols (where no entity holds keys or intermediates) and truly decentralised DeFi protocols may fall outside the current VASP definition. However, front-end operators, UI providers, and entities that market or facilitate access to DeFi protocols in India may be treated as VASPs. This is a rapidly evolving area - legal advice on your specific architecture is strongly recommended before assuming you are out of scope.
Can a startup register with FIU-IND before going live?
Yes - and this is strongly recommended. Registering with FIU-IND pre-launch (before onboarding your first customer) ensures compliance from day one and demonstrates regulatory good faith. PMLA obligations technically arise when you commence operations as a Reporting Entity, so registering before launch is best practice. Pre-launch registration also gives you time to properly configure your reporting systems, train your Principal Officer and compliance team, and establish your STR/CTR filing workflows before actual transactions begin.
What happens after FIU-IND registration - what are the ongoing obligations?
Post-registration ongoing obligations include: (1) Filing STRs within 7 working days of suspicion arising; (2) Filing CTRs by the 15th of each month for the previous month's qualifying cash transactions; (3) Filing CBWTRs for qualifying cross-border transfers; (4) Maintaining 5-year transaction records; (5) Annual review and update of AML/CFT policy; (6) Annual AML training for all relevant staff and maintenance of training records; (7) Notifying FIU-IND of any change in Principal Officer details within 30 days; (8) Cooperating with FIU-IND investigations and audits; (9) For VASPs: implementing FATF Travel Rule compliance for qualifying VA transfers.
Need Help with FIU-IND Registration?
FIU-IND registration involves navigating India's PMLA framework, preparing a compliant AML/KYC programme, and establishing ongoing reporting infrastructure - all while ensuring alignment with your sector regulator's requirements. YourTechLegal's India regulatory practice provides end-to-end FIU-IND registration support for VASPs, fintech companies, exchanges, and financial institutions.
End-to-end registration process management - entity assessment, Principal Officer appointment, document preparation, and FINnet portal submission
Board-approved AML/CFT policy drafting and KYC programme design - tailored to your entity type and aligned with PMLA Rules and sector regulator guidelines
Specialist advisory for crypto exchanges, NFT platforms, and Web3 businesses on PMLA obligations, Travel Rule implementation, and VASP-specific AML requirements
Retainer-based ongoing compliance support - STR/CTR review, annual AML policy update, staff training coordination, and regulatory monitoring
Start Your FIU-IND Registration
Speak with a YourTechLegal India regulatory specialist - online consultation available within 48 hours.
This resource page is for informational purposes only and does not constitute legal advice. The regulatory landscape for VASPs and Reporting Entities under PMLA is evolving; always consult qualified legal counsel for advice specific to your entity. © 2025 YourTechLegal. All rights reserved.
