TRA’s recommendations for the regulation of virtual currency in India

Recommendations by TRA for the regulation of virtual currency in India are available here.

In brief, our recommendations are:-

• The Reserve Bank of India (the “Regulator”) should regulate the activities of intermediaries dealing with virtual currencies in order to ensure minimum financial risk and smooth operation of payments and settlements systems.
• The intermediaries enabling virtual currency transaction like transfer from one person to another or storing, holding or maintaining custody of such currency, etc., should be licensed by the Regulator. Development of software for such currencies shall not constitute virtual currency business activity. License should be granted by the Regulator within a specified time limit. Any intermediaries or banking institutions dealing with unlicensed entities for virtual currencies shall be considered to have committed criminal offence.
• License shall be granted after considering the financial conditions, experience, character, responsibility and technical competency of the intermediary.
• Licensed entity shall maintain and enforce written policies with respect to anti-fraud, anti-money laundering, cyber security and privacy concerns The licensed entity shall ensure protection of customers. It shall obtain prior written approval of the Regulator if it proposes to introduce a materially new product/ service or if there is change in control or merger or acquisition. It shall also maintained detailed records of all the transactions. It shall permit and assist in its examination by the Regulator at any time.
• Know your customer (“KYC”)/anti-money laundering (“AML”)/combat the financing of terrorism (“CFT”) guidelines and Prevention of Money Laundering Act, 2002 (“PMLA”) regulations be applicable mutantis mutandis to the persons/ entities dealing with virtual currency business activity. The licensed entity shall file suspicious transaction report to Financial Intelligence Unit – India.
• Licensed entity shall establish an effective program (consisting of penetration testing, vulnerability assessment and audit trails) for ensuring the functionality and security of its electronic system, which should have been implemented by a Chief Information Security Officer and approved by the Board of Directors.
• The licensed entity shall be required to maintain a written ‘business continuity and disaster recovery’ plan to ensure the continuity of its services in event of emergency or disruption of normal business activity and notify the Regulator if there is any significant adverse effect on it.
• The licensed entity shall inform to its customer about all the material risks involved with the products/services and the rights of the customers. It shall not engage itself in any fraudulent activities.
• The licensed entity shall be prohibited from advertising its products/services in India unless it is allowed to carry on virtual business activity by the Regulator. It shall not make any misrepresentations or deceptive and false omissions.