Report highlights steps taken to mitigate risks posed by offshore Virtual Asset Service Providers

What Happened

A report highlighted India's multi-pronged approach to mitigating risks posed by offshore Virtual Asset Service Providers (oVASPs) — cryptocurrency exchanges and wallets operating outside India's regulatory jurisdiction but serving Indian users.
The Financial Intelligence Unit-India (FIU-IND) has set up a dedicated Working Group comprising domestic VASPs (registered crypto exchanges), banks, payment aggregators, and payment gateways to formulate "red flag indicators" and develop strategies to detect and counter oVASP operations serving Indian customers.
India is building an indigenous Virtual Asset Lab — a dedicated surveillance and analytics capability — to detect high-risk unregistered offshore crypto platforms using web surveillance and transaction monitoring tools.
FIU-IND has issued blocking orders under the Prevention of Money Laundering Act (PMLA) directing the Ministry of Electronics and Information Technology (MeitY) to block access to unregistered offshore crypto platforms.
In a specific enforcement action, FIU has issued notices for non-compliance to 25 offshore Virtual Digital Asset Service Providers (VDA SPs) under Section 13 of the PMLA — platforms such as Paxful, Changelly, Huione, CEX.IO, and others.
The developments come in the context of the Financial Action Task Force (FATF) highlighting India's progress in building detection tools for unregistered virtual asset firms in its mutual evaluation.

Static Topic Bridges

Virtual Digital Assets (VDAs) and India's Regulatory Framework

India brought Virtual Digital Assets (VDAs) — including cryptocurrencies like Bitcoin and Ethereum, as well as non-fungible tokens (NFTs) — under a formal regulatory framework in 2022–2023. The term "Virtual Digital Asset" was defined in the Finance Act 2022 (amendment to the Income Tax Act), and VDA service providers were brought under the Prevention of Money Laundering Act (PMLA) in March 2023.

Under PMLA, all VDA service providers are classified as "reporting entities" — the same category as banks, NBFCs, and stock brokers — requiring them to maintain KYC (Know Your Customer) records, report suspicious transactions, and register with FIU-IND through the FINgate portal.
India's regulatory approach is activity-based (not location-based): a foreign platform serving Indian users is covered regardless of where it is physically incorporated or domiciled.
Taxation: VDA income is taxed at a flat 30% plus surcharge and cess under Section 115BBH of the Income Tax Act; any loss from VDA transactions cannot be offset against other income or other VDA transactions.
A 1% Tax Deducted at Source (TDS) is applicable on VDA transfers above ₹10,000 (₹50,000 for specified persons) — creating a transaction reporting trail.
India has not issued a comprehensive cryptocurrency legislation as yet; the regulatory framework consists of amendments to existing financial laws (IT Act, PMLA, FEMA) rather than a standalone Crypto Act.

Connection to this news: The FIU's Working Group and Virtual Asset Lab are enforcement architecture built on top of the 2023 PMLA framework — the legal foundation exists, and the news reflects India building the operational capability to enforce that framework against entities that evade it by operating offshore.

Financial Intelligence Unit-India (FIU-IND) and Anti-Money Laundering Architecture

FIU-IND is India's central agency for receiving, processing, analysing, and disseminating financial intelligence to law enforcement. It was established in November 2004 under the Department of Revenue, Ministry of Finance, pursuant to the enactment of PMLA 2002. It is India's national contact point for the Egmont Group — the international network of Financial Intelligence Units.

FIU-IND's primary function is to collect Suspicious Transaction Reports (STRs) and Cash Transaction Reports (CTRs) from reporting entities and forward actionable intelligence to agencies like the Enforcement Directorate (ED), CBI, and Income Tax Department.
Since March 2023, crypto exchanges are reporting entities; the FIU thus receives STRs from registered platforms — but offshore unregistered platforms submit no reports, creating a regulatory gap.
FIU has powers under Section 13 of the PMLA to issue directives to reporting entities; it has used this provision to issue notices to non-compliant platforms.
The FATF (Financial Action Task Force) evaluates India's Anti-Money Laundering/Countering Financing of Terrorism (AML/CFT) regime through mutual evaluations; India's most recent FATF evaluation highlighted progress in bringing VASPs under regulation but noted gaps in enforcement against unregistered offshore platforms.
India adopted the FATF Travel Rule with no minimum threshold — requiring originating VASPs to transmit sender and recipient information on all crypto transfers.

Connection to this news: The Virtual Asset Lab is FIU's response to the specific gap identified in its FATF mutual evaluation — the inability to systematically detect and shut down unregistered offshore platforms that circumvent the PMLA reporting obligation.

Offshore VASPs: Risks and Global Regulatory Landscape

Offshore VASPs are platforms registered in jurisdictions with minimal or no crypto regulation (sometimes called "crypto havens") that nonetheless serve users in tightly regulated markets like India. They present specific AML, terrorism financing, and consumer protection risks because they operate outside the reach of domestic regulators while accessing domestic users.

Common offshore jurisdictions hosting unregistered crypto platforms include Seychelles, Malta, the Cayman Islands, and increasingly certain Pacific island nations with minimal regulatory requirements.
FATF released a dedicated report on offshore VASP risks in 2026, noting that India was among the countries actively building tools to counter such platforms — a recognition cited in the news article.
The 25 offshore platforms noticed by FIU include a range of exchange types: P2P platforms (Paxful), instant-swap services (Changelly), full-service exchanges (CEX.IO, BTCC, Coinex, BitMex), and regional remittance-adjacent platforms.
The primary AML risk from offshore VASPs is their potential use for "regulatory arbitrage" — users who would be subject to KYC and transaction monitoring on Indian platforms circumvent these requirements by routing transactions through offshore platforms.
International coordination under the Egmont Group and FATF enables information sharing about suspicious transactions routed through offshore platforms across jurisdictions.

Connection to this news: The formation of the FIU Working Group with domestic VASPs, banks, and payment gateways to develop red flag indicators reflects a collaborative detection model — domestic registered entities become "sensors" in the financial system that can identify transaction patterns indicative of offshore VASP usage.

Key Facts & Data

FIU-IND established: November 2004, under Department of Revenue, Ministry of Finance
VDA service providers brought under PMLA: March 2023
VDA defined in: Finance Act 2022 (amendment to Income Tax Act)
VDA taxation: 30% flat rate under Section 115BBH + 1% TDS on transfers above ₹10,000
Offshore VDA SPs noticed by FIU under PMLA Section 13: 25 platforms
Offshore platforms noticed include: Paxful, Changelly, Huione, CEX.IO, BTCC, Coinex, Remitano, Bitrue, BitMex, Probit Global
FIU Working Group participants: domestic VASPs, banks, payment aggregators, gateways
Virtual Asset Lab: indigenous analytics capability for detecting unregistered offshore platforms
India's FATF status: member (via FATF Asia-Pacific Group — APG); also Egmont Group member
FATF Travel Rule: India adopted with zero minimum threshold (all crypto transfers require sender/receiver info)
Registration requirement: all VDA SPs must register on FINgate portal before commencing operations