The Prevention of Money Laundering Act, 2002, was India's primary AML statute long before crypto existed. In March 2023, the Ministry of Finance extended it to cover VDA service providers — the single most important regulatory event in Indian crypto's history.
What PMLA requires
Reporting entities (which now include crypto exchanges and certain custodians) must: maintain customer records for 5 years; report transactions over ₹10 lakh; report suspicious transactions regardless of size; appoint a Principal Officer; and undergo periodic compliance reviews by FIU-IND.
What 'suspicious' means in practice
STR triggers include: layering patterns (rapid in-out flows splitting into multiple wallets), inconsistency between declared income/profession and trading volume, transfers to/from sanctioned addresses, and behavioral red flags like sudden activity from a previously dormant account.
Each platform has internal compliance algorithms that score and queue STRs for human review. The output goes to FIU-IND on a continuous basis.
What it means for traders
Your trade history is visible to compliance teams and forwardable to FIU. Behavioural red flags — like buying USDT in 50 small pieces from 50 different merchants over a single hour — can trigger an STR, even if every individual trade is legal.
Best practice: be a 'normal-looking' user. Predictable volumes, consistent counterparties, no rapid layering. The system isn't designed to catch ordinary trading; it's tuned for laundering patterns.
Key takeaways
- PMLA was extended to crypto in March 2023 — now the dominant regime.
- Exchanges must maintain records 5 years and report STRs to FIU.
- STR triggers focus on layering, inconsistency, and behavioral oddity.
- Trade naturally; the system isn't tuned to catch ordinary use.
