In a regulatory void, judging the ‘fit and proper’ quality of a new applicant has been left to existing virtual digital asset (VDA) service providers (SPs). Some of the applicants are discovering that the rule, introduced early this year, not only runs into conflict of interests, but poses other complexities as cryptos are vulnerable to money laundering and cyber heists.
Regulations in most financial markets too insist on such a certificate to evaluate the integrity, ethical standing, and track record of new managers and entities. For instance, in safeguarding the interests of depositors and investors, persons applying for a banking license and intermediaries like stock brokers have to qualify as ‘fit and proper’. But, here the assessment is done by the respective regulator (RBI or Sebi)-and not by peers or other business and competing organisations in the industry.
In case of VDAs, the rule stems from a January 2025 communique to VDA SPs from the Financial Intelligence Unit (FIU). An agency under the ministry of finance, FIU is dedicated to curb money laundering and terror finance. VDASPs like crypto platforms exchanges, brokers, and custody service firms providing crypto wallets are “reporting entities” sharing information, as banks do, with the FIU.
Being ‘fit and proper’ is one of the conditions a VDA SP must satisfy to register itself with FIU. Failure to register is in itself a non-compliance with the Prevention of Money Laundering Act.
NO DEFINED PARAMETERS
According to the January 2025 notification, one of the steps towards registration requires “fit and proper certificate from the FIU IND registered VDA SP(s), in all cases where the applicant VDA SP is into relationship/agreement (B2B/broker/other relationship etc) with the former (either ongoing/prospective/intended).”
This widely-worded directive can be interpreted to mean that a new applicant (be it a crypto exchange or an intermediary) could require multiple certificates from different SPs. A custody provider may partner with multiple exchanges and intermediaries, while an exchange may draw liquidity from another platform.
According to Purushottam Anand, advocate and founder of Crypto Legal, a Bengaluru-based blockchain and crypto-focused law firm, “The ‘fit and proper’ requirement effectively introduces a disqualification criterion for entities seeking registration as VDASP. Yet, it provides no defined parameters or standards for registered VDASPs to apply during their assessment. There is a complete lack of guidance on the manner, scope, or extent of scrutiny to be conducted by existing VDASPs. In the absence of clarity, new applicants may be compelled to disclose sensitive and confidential business information to potential competitors. Courts have consistently held that vague, arbitrary, and subjective conditions-particularly those introduced through delegated legislation-are legally untenable and liable to be struck down.”
The requirement may prove self-defeating where an applicant is compelled to seek certification from a competitor, said Harshal Bhuta, partner at the CA firm P. R. Bhuta & Co. “Moreover, obtaining such certification from several service providers may not be straightforward, given the recent cyberattacks and the liability associated with issuing such certificates. A more effective alternative would be for the government to provide recognition to Self-Regulatory Organisations (SROs) and authorise them to issue certificates,” said Bhuta.
In the past one year, two Indian crypto exchanges lost substantial amounts in cyberattacks. And law enforcement authorities fear that cryptos are misused to move money across the border, bypassing banking channels. Coins withdrawn from an exchange wallet can be transferred to private wallets and other wallet owners in various jurisdictions. Recently, FIU advised platforms to keep a watch on transactions linked to persons in border areas. Data requests from the agency has also gone up, said an exchange official.
“The ministry has streamlined the registration process, which includes having an in-person meeting with the FIU-IND, submission of prescribed documents, etc. These requirements should be carefully looked into by applicants, especially the clause which requires the VDA-SP to furnish a ‘fit and proper’ certificate from FIU-IND registered VDA-SPs in all cases where the applicant VDA-SP is into a relationship with the former,” said Raghav Bajaj, counsel, Khaitan & Co.
Emails to FIU and the crypto industry lobby BharatWeb3 went unanswered till the time of going to press.
Content Source: economictimes.indiatimes.com