A PYMNTS Company

India Includes Crypto Businesses In New Rules For Cyber Security

 |  May 2, 2022

India named the country’s Computer Emergency Response Team (CERT) as the national agency for cyber security, including the crypto industry, in a move that clarifies which agency has the authority over suspicious or illicit activities in the sector.

The move requires crypto businesses, such as virtual asset service providers, to keep know-your-customer (KYC) information and records of financial transactions for five years “to ensure cyber security in the area of payments and financial markets for citizens while protecting their data, fundamental rights and economic freedom in view of the growth of virtual assets.”

While the industry views the announcement as a soft step toward regulation before crypto-specific legislation is enacted, the government has not suggested the move is a step toward regulation. A similar, but much stronger, move was the rule to tax crypto businesses before crypto-specific legislation, announced in February. At the time, a senior finance ministry official said “just because it is taxed does not make it legal.”

India’s crypto legislation remains in cold storage with the government seeking global consensus and Indian Finance Minister Nirmala Sitharaman noting the potential of crypto and blockchain as well as the safety concerns around it.

“Blockchain itself is so full of potential not just in the payment arena, but also in very many others,” she said last week. “Our intention is in no way to hurt this (cryptocurrency or blockchain).” However, she added that “it also can be manipulated for not so desirable ends, whether it is on money laundering or whether it is on leading towards financing terror.”

This is the first time the government has made it clear that the data needs to be maintained for a period of five years. KYC processes and data will need to be aligned to the guidelines of three entities: the Reserve Bank Of India (RBI), Securities and Exchange Board of India (SEBI) and Department of Telecom (DoT).

Crypto businesses also need to appoint a point of contact for CERT, a unit of the Ministry of Electronics and Information Technology, to have an open channel of communication regarding these new rules.

Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.