India Enforces Cybersecurity Checks for Cryptocurrency Businesses

In response to a spike in crypto-related digital crimes, the Indian administration has implemented cybersecurity assessments, led by CERT-In, for crypto trading platforms and wallet keepers.

In a move seen as a positive step by industry voices, the Indian government has initiated mandatory cybersecurity audits for cryptocurrency exchanges, custodians, and intermediaries. The audits are aimed at enhancing the security of these platforms following a surge in cryptocurrency thefts.

The audits are being conducted by a security auditor hired under the Indian Computer Emergency Response Team (CERT-In), a division under the IT ministry responsible for overseeing the country's cyberspace. This new requirement is tied to registration with the Financial Intelligence Unit (FIU), India's anti-money laundering agency.

The FIU, which has replaced the earlier "Fit & Proper" certificate with a new accreditation called "Partner Accreditation for Compliance & Trust" (PACT), retains the power to deny or cancel registrations if firms fail to meet anti-money laundering requirements.

The increased focus on cybersecurity comes as cryptocurrency crimes are on the rise in India, accounting for nearly 20-25% of all cybercrime cases. The main concern for these platforms is protecting the 'private key,' the alphanumeric code that controls access to funds. Auditors will need to check how and where these keys are stored.

The Indian Parliament's Standing Committee on Home Affairs recently released a report highlighting the increasing exploitation of cryptocurrencies in financial frauds, money laundering, ransomware attacks, and human trafficking. The report underscores the need for stricter regulations and enhanced security measures.

Industry reports suggest the government could adopt a segmented approach to regulation, treating Bitcoin, stablecoins, and utility tokens differently based on their use. Virtual digital asset (VDA) firms, already covered under the Prevention of Money Laundering Act (PMLA), are expected to meet compliance standards similar to banks.

A study conducted by Mudrex, one of India's largest crypto investment platforms, found that 93% of respondents support regulation, with 56% wanting full investor-protection frameworks, 24% preferring lighter oversight to encourage innovation, and 13% favoring regulation limited to taxation.

Harshal Bhuta, a partner at CA firm P. R. Bhuta & Co., states that the audits are likely triggered by these thefts and the CERT-In directions from April 28, 2022, which require keeping logs and storing subscriber data for a set period.

Purushottam Anand, Advocate and Founder of Crypto Legal, emphasised the importance of these audits, stating that cybersecurity auditors who typically assess banks and brokerages can identify security vulnerabilities on crypto platforms because their expertise in comprehensive risk management, regulatory compliance (such as AML/KYC processes), and advanced cybersecurity technologies (including AI and machine learning for threat detection) applies to the similar digital infrastructures and threat landscapes of crypto environments.

These audits are a significant step towards ensuring the safety and security of investments in the burgeoning cryptocurrency market in India. As the market continues to grow, it is crucial that regulatory measures are put in place to protect investors and combat the rising tide of cryptocurrency crimes.
