In a June 2022 press conference, the Reserve Bank of India’s (RBI) deputy governor confirmed the government’s plan to adopt Central Bank Digital Currency (CBDC) gradually during fiscal year 2023. This comment was followed by Annual Report 2021–22, released by the RBI, stating CBDC would be introduced into the Indian economy through a three-step approach. The idea would first be tested for its practicality, followed by a pilot project and a subsequent full-fledged launch.
Currently, 86 percent of central banks across the world are in the process of exploring the potential of CBDC; just a few countries, such as Nigeria, have successfully adopted CBDCs. In the face of war, Russia has allegedly sought refuge under its CBDC digital ruble launched in February 2022 to evade global sanctions.
The unique selling proposition (USP) of any cryptoasset/cryptocurrency is the anonymity it offers. Cryptocurrencies, which are largely built on peer-to-peer systems, attract launderers since the entire cost of cash-out can be less than 15 percent of the profits of crime, unlike other money laundering schemes, which may cost up to 50 percent.
Critics have voiced concerns regarding the misuse of CBDC for money laundering and terrorism financing. In light of these concerns, this article aims to analyze money laundering through cryptocurrency, as well as the insufficiency of regulations governing them. It concludes with a suggested amicable resolution for the introduction of CBDC into the economy.
CBDC is a digital form of fiat currency issued by a country’s central bank. The digital rupee will function as a digital form of legal tender issued by RBI and supported by the government, allowing for contactless transactions and quicker settlement. On the RBI’s balance sheet, the sovereign currency, i.e., digital rupee, would show as a liability and would be exchangeable at par with cash.
A June 2021 controversy involving WazirX, India’s largest cryptocurrency exchange platform, highlights the importance of analyzing ties between digital currencies and regulations related to anti-money laundering (AML) and combating the financing of terrorism (CFT). WazirX was issued a show cause notice by the Enforcement Directorate (ED) for an alleged contravention of the Foreign Exchange Management Act, 1999 (FEMA). The FEMA investigation revealed that there are significant flaws in the way WazirX operates, including its bookkeeping, due diligence standards, and method of recording transactions on the blockchain(s). WazirX caters to approximately 900,000 customers, including foreign clients, and trades in over 70 different cryptocurrencies. Its onboarding process is relatively simple; clients are essentially exempt from physical verification and due diligence. There is also a lack of the usual safeguards used to protect cryptocurrency transactions for for AML/CFT purposes. Thus, virtual currency was treated as akin to money for the purposes of FEMA and the mandatory AML/CFT precautions, and FEMA guidelines were applicable to Virtual Currency Exchanges.
Currently, there is no exhaustive set of rules regulating the money laundering and terrorism financing concerns of digital currencies in India. As per the guidelines published under Section 35A of the Banking Regulation Act, 1949, and Rule 9(14) of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, (PMLA) the RBI requires reporting entities to follow specific client identification procedures for opening accounts and monitoring suspicious transactions for the purpose of reporting to competent authorities. For bringing cryptocurrency exchanges under the purview of the reporting entity under the Prevention of Money-Laundering Act, 2002 (PMLA), section 2(s)(sa) of the PMLA states a “person carrying on designated business or profession” should be amended to include in its ambit persons/intermediaries dealing in cryptocurrency. This extends the applicability of the current PMLA to crypto-exchanges. The 2005 Rules also provide for digital KYC, which requires the capture of a live photo of the customer with the exact location where the photo is taken. This could be instrumental in determining the source of a suspicious account transaction.
In May 2021, an RBI notification required banks and financial institutions trading in cryptocurrencies to adhere to the current KYC, AML, and CFT, obligations of regulated entities under PMLA and relevant provisions under the FEMA for overseas remittances. The notification was issued in accordance with the Supreme Court of India’s decision in Internet and Mobile Association of India v. Reserve Bank of India, wherein the RBI’s two-year-old banking ban on virtual currency was found to be beyond the authority of the Indian Constitution, as it interfered with the fundamental right of cryptocurrency exchanges to participate in commerce and business.
A cornerstone of AML/CTF precautionary norms is the requirement for the identification of people associated with the transaction by the banks. With the introduction of CBDCs, this identification has become easier, and the data obtained might include personal, credit and financial history and sensitive information. However, such financial intelligence on a person could backfire in authoritarian regimes, as it would create leeway for state surveillance. But since anonymity is an integral part of digital currency transactions, some cryptocurrencies, including Monero, Zcash, DASH, Verge, and Horizen, offer absolute anonymity to their users, making it incredibly difficult to track the parties involved in transactions. Source anonymity and a lack of records of suspicious transactions are the two biggest impediments to the identification of crimes relating to money laundering and terrorism financing. Because of their secrecy and accessibility, cryptocurrencies are probably the ideal safe harbor for such illegal operations.
As a result, unless anonymity is removed from all cryptocurrency transactions, locating or freezing the digital wallet for suspicious transactions would be extremely difficult for an agency such as the ED.
For all of these reasons, the government should put proper laws and enforcement mechanisms in place before introducing CBDCs into the Indian economy.
Ahead of the introduction of CBDCs into the Indian economy, privacy should be a key consideration. To be in compliance with AML and CFT regulations, CBDC payment mechanisms would need to include the identification of users by at least one authority in the digital payment network.
Payment Interface Providers could act as middlemen between banks and the public and minimize privacy concerns by providing pseudonymous accounts while linking each account to a core ledger with the original information available to such providers. These Payment Interface Providers, in this case, would be responsible for the AML/CFT compliances and reporting of suspicious transactions to the relevant authorities.
The need of the hour is the introduction of efficient legislation drafted with foresight into probable future issues while dealing with digital currency. An autonomous regulatory authority can be formed through a constitutional amendment, which will guide India’s path to the digitization of its currency and decentralizing finance, which will result in greater convenience and the financial inclusion of its people. It can also supervise and take action on any human rights or state surveillance concerns arising out of the introduction of CBDCs. Additionally, the RBI could launch professional courses and issue relevant professional licenses. The courses could be holistic developments including finance and cybersecurity studies specifically created to cater to the government’s needs in this respect. There could be repercussions for misuse, such as the cancellation of a practitioner’s license or imprisonment, which would induce fear and reduce the risks associated with involving third parties and their unlawful intervention in the financial structure of the country.
A digital payments sector boom is possible in India through the introduction of CBDCs, as it shows great capability for financial inclusion, cheaper banking and payment costs and overall global economic digitalization. Since organized crime syndicates and criminals would not hesitate to manipulate the system, law enforcement and regulators must maintain efficient and constructive oversight of the industry by strengthening the relevant AML/CFT measures in India.
Dhvani Shah is a penultimate year student of law at Gujarat National Law University.
Suggested citation: Dhvani Shah, Indian Authorities Must Strengthen Anti-Money Laundering and Terrorism Finance Regulations Ahead of Central Bank Digital Currency Rollout, JURIST – Student Commentary, July 25, 2022, https://www.jurist.org/commentary/2022/07/dhvani-shah-cryptocurrency-regulations-india/.