AML & CFT Guidelines in India for VDA || Post 3: The 8 Operational Pillars of VDA Compliance

Leave a Comment / By /

This section covers the absolute core of the General and Operational Obligations placed on VDA Service Providers (SPs) as Reporting Entities under the PMLA. This is essential for creating robust internal compliance architecture.

🚨 ACTION MANDATE: The PMLA and FIU-IND guidelines transform VDA Service Providers (SPs) into Financial Institutions. This means adopting a bank-grade compliance infrastructure. This post details the 8 Non-Negotiable Operational Pillars required by Rules 2, 7, and 8 of the PMLR.

1️⃣ Pillar 1: Mandatory Registration & Disclosure (Rule 2)

  • Requirement: All SPs must register as Reporting Entities (REs) with FIU-IND.
  • Mandatory Disclosure: SPs must disclose their account details with Banks/FIs used for VDA transactions and for holding Client Money.

2️⃣ Pillar 2: The AML/CFT/CPF Program (Rule 7)

Every SP must evolve a robust, written AML/CFT/CPF Program (Policies, Procedures, and Controls) to detect and prevent money laundering, terror financing, and proliferation financing.

  • Board-Level Sign-Off: Policies must be signed off by the Board and Senior Management.
  • Staff Training: The spirit of these guidelines must be understood and followed by all staff members.
  • Regular Review: Policies must be regularly reviewed for effectiveness, ideally by a person different from the one who framed them.

3️⃣ Pillar 3: Appointment of Key Officers (Rule 7 & 8)

Two distinct, senior individuals must be appointed and their contact details communicated to FIU-IND within 7 days:

RoleSeniority & Primary FunctionKey Responsibility
Designated DirectorEnsures overall implementation of Chapter IV obligations.Oversees the compliance program and governance.
Principal Officer (PO)Senior level (preferably Head of Audit/Compliance/CRO).Furnishing Reports to FIU-IND (STRs, CTRs, etc.) and implementing FIU-IND directions.

4️⃣ Pillar 4: Know Your Customer (KYC) Norms (Rule 9)

Given the anonymous nature of VDAs, KYC requirements are heightened.

  • Pre-Onboarding Mandate: KYC is mandatory prior to on-boarding clients/wallets. Wallets cannot be opened under anonymous or fictitious names.
  • Beneficial Ownership (BO): SPs must identify and verify the Beneficial Owner (BO) as defined in Rule 9(3).
  • Official Documents: PAN (or National ID) plus any Officially Valid Document (OVD) (Passport, Aadhaar, Voter ID, etc.) must be obtained.
  • Periodic KYC: Due to the high-risk nature of VDAs, SPs must conduct Periodic KYC at least every year, based on their Risk-Based Approach (RBA).

5️⃣ Pillar 5: Client Due Diligence (CDD) and Record-Keeping

SPs must adopt written procedures for CDD and ensure compliance software is utilized.

  • Software Requirement: SPs must use software to perform robust KYC, identify counterparty wallet type, use Blockchain analytics for risk details, and store encrypted customer KYC information for at least five years.

6️⃣ Pillar 6: Enhanced Due Diligence (EDD)

EDD is mandatory for higher-risk scenarios:

  • Triggers: Complex, unusually large transactions with no apparent economic purpose.
  • High-Risk Jurisdictions: Clients from FATF Grey/Black Listed Countries or tax-havens.
  • Politically Exposed Persons (PEPs).
  • Failure Protocol: If required EDD cannot be completed, the SP must terminate the business relationship and file a Suspicious Transaction Report (STR).

7️⃣ Pillar 7: Sanctions Screening (Critical Operational Control)

Screening must be done at two critical points:

  • On-boarding: When the customer/wallet is first accepted.
  • Transaction Initiation: When any VDA transfer is initiated.
  • Safeguards: SPs may put a wallet on hold until screening is completed against UN Security Council (UNSC) and UAPA directives.

8️⃣ Pillar 8: Counterparty & Correspondent Due Diligence

This extends obligations beyond the direct customer:

  • Counterparty DD: For VDA transfers to another SP, the originating SP must perform CDD on the Counterparty SP to avoid dealing with illicit or sanctioned actors.
  • Correspondent Relationships: If one SP provides services (e.g., white-label platform or nested services) to another SP/FI, the originating SP must:
    • Gather sufficient information on the counterparty’s business and their AML/CFT/CPF risk control framework.
    • Be satisfied that the counterparty has conducted CDD on its own customers (especially for nested services).

🔥 The Legal Takeaway:

These obligations mean VDA SPs are held to the same prudential standards as banks. The entire infrastructure must be auditable and capable of real-time regulatory intervention (freezing, reporting).

👇 Let’s Discuss:

Given the technical complexity, which obligation—On-Chain KYC/Whitelisting or the Real-Time Sanctions Screening at the point of transfer—presents the greatest operational challenge for VDA SPs today?

#VDA #FIUIND #PMLA #AML #KYC #ComplianceOfficer #RegTech

Rahul Pareek || Visionary Professional Lawyer | Transforming Companies Through Strategic Innovation & Compliance | Bridging the Legal Gap in Web2/3 | Web3Legals

Read Post 2 – The Core Purpose & Scope of VDA Compliance

Leave a Comment

Your email address will not be published. Required fields are marked *